Scaling responsibly: evolving our API rate limits to power the next generation of Atlassian Cloud

At Atlassian, we’re committed to delivering a cloud platform that’s reliable, scalable, and flexible enough to let developers and partners experiment, iterate, and validate their ideas quickly. Whether you’re an Atlassian Marketplace partner, a developer building custom integrations, or part of an enterprise team automating workflows, our API platform plays a critical role in your success.

As our ecosystem grows with partners building AI-powered experiences, real-time orchestrations, and integrations that leverage our APIs at unprecedented scale, we’re evolving our approach to rate limiting. These changes are designed to safeguard platform health, reliability, and fairness as usage increases, ensuring Atlassian Cloud remains ready for whatever you build next.

Overview of changes

We are introducing a new API rate-limiting model that enables consistent performance and fair usage across Jira and Confluence Cloud. The vast majority of free and paid apps won’t be affected by these changes, and no action is required.

Introducing the points-based model

We’re evolving how we measure API usage from simple request-per-second caps to a points-based approach. Each REST and GraphQL request consumes points based on the work it performs, such as the data returned or operations triggered. This approach more accurately reflects the impact each request has on our shared infrastructure, giving developers clearer, more predictable ways to scale their apps.

Tiered rate limits

We’re introducing two types of app-level quotas that apply consistently across the Atlassian platform, covering apps built on Forge, Connect, and OAuth 2.0 (3LO) integrations:

• Tier 1 Global Pool:
  • A single, generous hourly quota shared across all tenants using an app. Tier 1 is designed to provide ample capacity for most apps to serve their user base efficiently without hitting limits.
• Tier 2 Per-Tenant Pool:
  • Hourly quotas are allocated on a per-tenant, per-app basis. We allocate a separate quota for each tenant to which the app is deployed. Tier 2 access can be requested for apps with elevated workloads, pending a review of usage patterns and eligibility criteria.

All apps begin in Tier 1 by default. Tier 2 access can be requested for apps with elevated workloads, pending a review of usage patterns and eligibility criteria. If your app requires real-time data access or supports AI-based features and does not meet the Tier 2 criteria, consider using Atlassian Rovo MCP as an alternative to direct API queries.

Shared rate limits for app copies

To maintain performance, reliability, and security, we will cluster apps that are functionally identical or created as copies, such as separate apps deployed for each customer rather than a single distributable app. These clustered apps share one rate limit quota, treating them as a single app.

As a reminder, distributing duplicate or per-tenant versions of the same app violates our platform policy. For more information, review our guidance for third-party apps.

API token rate limits

API token traffic is currently managed using burst rate limits. While there are no immediate changes, we are actively evaluating usage patterns and working towards a more scalable, quota-based approach that reflects real-world needs. Our goal is to ensure a reliable and predictable experience for all partners as our ecosystem grows. If and when we make changes to these rate-limiting policies, we will provide advance notice and clear guidance to help you prepare.

Why we’re making these changes

As Atlassian’s ecosystem grows, we’ve seen a significant increase in overall API usage, reflecting the expanding impact and ambition of the solutions being built. While many of these integrations enable important business outcomes, sustained high-volume and data-intensive traffic can place pressure on shared platform resources, affecting the experience for everyone.

We’re committed to supporting innovation across all types of integrations, whether you’re building AI-powered experiences, real-time orchestrations, or custom automation while keeping the platform reliable and fair for everyone.

Our new points-based model measures usage more accurately, aligning limits with actual system impact rather than just request counts. Partners with high-throughput needs have a clear path to request additional capacity through our tiered structure. This approach ensures the platform can scale sustainably while giving developers the transparency and capacity they need to build with confidence.

Most apps already within the new limits

Most apps, both free and paid, already operate well within the new Global Pool limits, so no action is required for the vast majority of partners. For those apps with more demanding or specialized needs, we have proactively reviewed usage and upgraded eligible apps to higher tiers where appropriate. If your app requires additional capacity in the future, clear pathways are available to request it.

To support a smooth rollout, we’ll also provide:

• Detailed developer documentation
• Usage guidelines
• Real-world examples

These resources will help developers understand how the points model works, monitor usage in real-time, and tune API calls for efficiency. Our goal is to make this transition clear, predictable, and flexible, accommodating the wide variety of integration patterns across our ecosystem.

What should I do as an app developer?

For most apps, no immediate action is required. If you’re building or operating a higher‑throughput or AI‑powered app, we recommend:

1. Check your app’s tier. Once available, you’ll be able to see whether your app is in Tier 1 (Global Pool) or Tier 2 (Per‑Tenant Pool) in the Developer Console. We’ve already reviewed usage and upgraded many eligible apps to Tier 2 where appropriate, so most developers won’t need to take immediate action.
2. Monitor the new rate‑limit headers. We’re surfacing usage and rate‑limit headers so you can understand your app’s points consumption and quota status before enforcement begins. The technical docs on https://developer.atlassian.com/ include concrete examples and guidance on how to interpret these headers.
3. Request a review if you need more capacity. If you observe your Tier 1 app regularly approaching or exceeding Tier 1 rate limits, you can request an app review via the Developer Support Portal. Our teams will review your usage patterns against our Tier 2 criteria and, where appropriate, move eligible apps to Tier 2.

Starting February 2, 2026: Phased Enforcement begins for the new rate limits across Jira and Confluence REST APIs, followed by GraphQL endpoints in subsequent phases.

Looking ahead

These changes represent a long-term investment in developer experience and platform reliability. Our goal is to continue supporting a vibrant ecosystem of apps and partners while unlocking new possibilities for automation, intelligence, and collaboration. Thank you for your continued partnership and the innovation you bring to the Atlassian ecosystem. Together, we’re building what’s next, and we’re committed to supporting your success every step of the way.