Rate limit rule form for guest user access to catalog items

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The REST API Rate Limit Rule form enables you to set the number of API requests in an hour by guest users.

    Table 1. REST API Rate Limit Rule form fields
    Field Description
    REST API resource Rest API resource. This field is auto-populated depending on the values entered in the other fields.
    Name Unique name for the rate limit rule.
    REST API REST API selected from the list of all external-facing REST APIs for the instance.

    Select Service catalog.
    Version Version of the REST API. Values listed depend on the REST API selected.

    Select latest.
    Resource

    Resource for the version. Values listed depend on the Version selected.

    For example,

    • Buy Item
    • Submit a Record Producer
    • Validate Variable Regex (If the item consists of a variable which requires Regex Validation)
    • Checkout Order Guide
    • Variable display value
    • Check requested for delegation on item
    Active Check box to indicate that the rate limit rule is active.

    Rate limit rules are activated by default as soon as you create them. You can deactivate rate limit rules to stop enforcing a rate limit or activate rate limit rules to resume enforcing a rate limit.
    Request limit per hour Maximum number of requests permitted in an hour.
    Note:
    Whenever you update the value of this field, the ServiceNow AI Platform resets the count of requests to 0 and deletes all violations for the current hour.
    Apply to
    Users restricted by this rule:
    • Single user applies the rate limit to a specific user.
    • Users with role applies the rate limit to all users with a specific role.
    • All users applies the rate limit to all users.
    Select Users with role.
    Role

    Role to which the rate limit applies.

    Select public.
    Note:
    Appears only when you select Users with role at the Apply to field.