Rate limits for Grafana IRM
Grafana IRM enforces rate limits at several levels to protect platform stability and ensure reliable service for all organizations. This page consolidates the default limits that apply to alert ingestion, API requests, incoming webhooks, Slack, and phone and SMS notifications.
When you exceed an IRM-enforced limit, IRM returns HTTP 429 Too Many Requests.
IRM doesn’t queue or replay requests that hit a rate limit.
Inbound rate limits
These limits apply to data that external systems send into IRM.
Alert ingestion
These limits apply to incoming alerts received by IRM integrations. They control how many alerts an integration, or your entire organization, can send to IRM in a given time window. They don’t limit how many notifications IRM delivers to responders.
Both limits apply at the same time. The per-integration limit provides a first line of defense: a single misbehaving integration reaches its limit before it consumes the organization-wide quota.
When you exceed an alert ingestion limit, IRM drops the alert. The first time you hit a rate limit, IRM sends a notification to your configured Slack workspace.
Incident creation
These limits apply to every path that creates an incident: the Incident API, incident incoming webhooks, and the Declare Incident escalation step.
For example, if an escalation chain includes a Declare Incident step and another incident was already created for the same Grafana Stack within the last 6 seconds, IRM rate-limits the request. IRM retries the step automatically with exponential backoff, so the incident is created after the time window ends.
When a request is rate-limited, the response includes a Retry-After header that indicates how many seconds to wait before retrying.
API rate limits
These limits apply to programmatic requests you make to IRM.
REST API
These limits apply to requests you make to the OnCall REST API.
Outbound notification limits
These limits affect how IRM delivers notifications to responders. Some are enforced by IRM; others are enforced by external providers.
Slack
Slack enforces its own rate limits per channel and per organization on messages that IRM posts. These limits are separate from IRM’s rate limits.
When Slack rate-limits IRM:
- IRM blocks posting or updating alert groups in that channel for 5 minutes, then automatically resumes.
- IRM skips personal Slack notifications for affected alert groups.
- In some cases, IRM posts the alert group message successfully but still skips the personal Slack notification.
For more information, refer to the Rate limiting section in the Grafana Cloud app for Slack documentation.
Phone number verification
IRM rate-limits phone number verification, including both requesting a verification code and submitting one. Limits apply per user and per organization, with additional limits for free and trial organizations.
When a verification limit is reached, IRM returns HTTP 429 Too Many Requests; wait before retrying.
Phone and SMS notifications
There are no fixed rate limits for outgoing alert and on-call phone calls and SMS notifications. However, Grafana Labs reserves the right to throttle or stop delivery when volume is abnormally high.
Adjusting and bypassing limits
Depending on your use case, you may be able to request higher limits or bypass alert ingestion limits for specific integrations.
Request higher limits
Rate limits can be adjusted per organization for alert ingestion and REST API requests. Contact Grafana Labs support if you have a legitimate use case that consistently exceeds the defaults. Include your organization ID and details about the alert volume or API usage pattern.
Bypass alert ingestion limits for specific integrations
Individual integration tokens can be allowlisted to bypass rate limiting. Grafana operations manages this at the platform level. You can’t configure bypasses yourself.
