Account Limits

All Fingerprint accounts are limited to one unlimited 14-day free trial. After you sign up, you are automatically enrolled in the free trial and can try the Fingerprint API without limitations. After the trial period ends, you must upgrade to a paid plan to continue using Fingerprint.

All Fingerprint applications have the following default limits:

ResourceDefault LimitNotes
SSL certificates1Each SSL Certificate can hold up to 50 subdomains.
API Keys10The number of API keys that an application can have. Includes public and secret keys.
Monthly API requestsunlimitedOnly Identification API requests count towards your monthly plan or are billed. Server API requests are free.
API Rate Limit5 requests per second (*bursts)The maximum number of API requests per second for the public keys used for Identification and Smart Signals calculations, as well as the secret keys for accessing the Server API endpoints (/visitors and /events). It is possible to increase the limit on Enterprise plan by emailing support.
Webhook endpoints5Webhooks.
Request filtering rules15Request filtering rules that an application can have in total. Includes allowed/forbidden origins and forbidden HTTP headers.
Visit history30 daysFor plans, visit history is available through the Server API for the past 30 days. For Enterprise plans, the data is kept for 90 days or longer depending on the enterprise contract.


Increasing Limits

If you are an Enterprise plan customer and want to increase a limit, please reach out to our support team.

Rate Limiting - Burst Protection

Short unexpected traffic spikes could normally cause request throttling if the API key exceeded the API Rate Limit. Burst protection prevents that by allowing peak traffic to be higher than usual for a short period of time. The allowed burst size (bucket) is always API Rate Limit * 3 (15 RPS in the default configuration). The burst bucket automatically regenerates every second by API Rate Limit - RPS when the current RPS is lower than the API Rate Limit.


Real world examples of burst bucket depletion with different RPS values (considering the default API Rate Limit value above):

  • Burst bucket never depletes when RPS is 5
  • Burst bucket depletes in 15 seconds on 6 RPS
  • Burst bucket depletes in 3 seconds on 10 RPS
  • Burst bucket depletes in 1 second on 20 RPS

Whenever the bucket depletes, the service starts dropping requests above API Rate Limit.