Quotas API in Confluent Cloud

Use the Quotas API to discover all of the quotas that exist in Confluent Cloud and how close you are to exceeding your limits. For more information on default limit values, see Service Quotas for Confluent Cloud.

Important

The Quotas API is currently available on Confluent Cloud in an Early Access Program for early adopters. An early access feature is a component of Confluent Cloud introduced to gain feedback. This feature should be used only for evaluation and non-production testing purposes or to provide feedback to Confluent, particularly as it becomes more widely available in follow-on preview editions. If you would like to participate in the Early Access Program, email quotas-api-access@confluent.io.

Early Access Program features are intended for evaluation use in development and testing environments only, and not for production use. The warranty, SLA, and Support Services provisions of your agreement with Confluent do not apply to Early Access Program features. Early Access Program features are considered to be a Proof of Concept as defined in the Confluent Cloud Terms of Service. Confluent may discontinue providing preview releases of the Early Access Program features at any time in Confluent’s sole discretion.

Get a Cloud API key and secret

To communicate with the Quotas API, you need a Confluent Cloud API key and API secret. You can generate an API key pair by using the Confluent CLI or Cloud Console.

  1. Install the Confluent CLI.

  2. Log in by using the confluent login command with your credentials.

  3. Run the following command to create the API key and secret.

    confluent api-key create --resource cloud --description <key_description>
    

    Your output should resemble:

    It may take a couple of minutes for the API key to be ready.
    Save the API key and secret. The secret is not retrievable later.
    +---------+------------------------------------------------------------------+
    | API Key | 4U5U9B0BIMPSXIXX                                                 |
    | Secret  | 7oNqCMSI890Ay7CeGBoBDoBBsSttOMJ5oFUwwkhj7g7MlS3p01c99C6ao84pQb8X |
    +---------+------------------------------------------------------------------+
    

For more information, see Create a Cloud API key.


After you generate the API key and API secret, save them in a safe and secure location. All calls to the Quotas API require them for authentication.

Note

Cloud API keys are distinct from the Kafka cluster API keys. You can’t use cluster API keys to call Confluent Cloud APIs.

Quota scopes

You can query for limits that apply currently to the following scopes.

Scope parameter Description
organization Limits applied to organizations
environment Limits applied to environments in an organization
kafka_cluster Limits applied to Kafka clusters
user_account Limits for user accounts
service_account Limits for service principal accounts

Quotas API endpoints

Access the Quotas API by making requests to the following endpoints.

Scopes

Get the available scopes that quotas apply to.

https://api.confluent.cloud/quotas/v2/scopes
Environment

Get the limits that are applied to your environments.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=environment
Organization

Get the limits that are applied to organizations.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=organization
Kafka Cluster

Get the limits that are applied to your Kafka clusters.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=kafka_cluster
Service account

Get the limits that are applied to service principal accounts.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=service_account
User account

Get the limits that are applied to user principal accounts.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=user_account

Query a Quotas endpoint

Requests to the Quotas API have the following format:

https://api.confluent.cloud/quotas/v2/applied-quotas?<param_1>=<value1>&<param_2>=<value2>&...

You can access the endpoints by using the curl command. Use the API key and API secret that you saved earlier as the user name and password for the --user option. Remember to separate them with the : character.

curl --request GET \
  --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?<param_1>=<value1>&<param_2>=<value2>&...' \
  --user '<api_key>:<api_secret>'

The response is JSON, so you can use tools like jq to get the quota values and metadata, like page tokens.

Note

The following example commands show how to query for many of the available quota limits, but they don’t comprise an exhaustive list.

Query for scopes

Run the following command to query for the available quota scopes.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/scopes' \
     --user '<api_key>:<api_secret>'
     | jq '.data[] | {id}'

Your output should resemble:

{
  "id": "user_account"
}
{
  "id": "service_account"
}
{
  "id": "organization"
}
{
  "id": "environment"
}
{
  "id": "kafka_cluster"
}

You use the id string for the scope parameter in requests to the applied-quotas endpoint. For example, the following request gets the active quotas for your environments:

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=environment

Paged responses

For long lists of quotas, you can request paged responses. For example, the following request specifies a page_size of 2.

https://api.confluent.cloud/quotas/v2/applied-quotas?scope=organization&page_size=2

The JSON response has a next key that has a URL to request the next page of results. The following command shows how to use jq to extract the key so you can use it in your next request.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=organization&page_size=2' \
     --user '<api_key>:<api_secret>' \
     | jq '.metadata | {next}'

Your output should resemble:

{
  "next": "https://api.confluent.cloud/quotas/v2/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0="
}

Use the full next URL in another request to get the next page:

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0=' \
     --user '<api_key>:<api_secret>'

Get your environment ID

Some Quotas endpoints require the environment ID. You can get it from the Cloud Console, or you can use the confluent environment list command.

Run the following command to get a list of your Confluent Cloud environments.

confluent environment list

Your output should resemble:

     Id    |  Name
+----------+---------+
  * t35808 | default

Save the environment ID in a safe and secure location.

Get quotas for your environment

The following table shows the quotas that you can get for the Environment scope. For default values, see Environment quotas.

Quota (maximum number) Quotas service code
Kafka clusters per environment kafka.max_kafka_clusters.per_env
Pending Kafka clusters per environment kafka.max_pending_kafka_clusters.per_env
Kafka cluster CKUs per environment kafka.max_ckus.per_env
ksqlDB apps per environment ksql.max_apps.per_env

The following command requests all of the quotas that are active in your environment. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=environment' \
     --user '<api_key>:<api_secret>' \
     | jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
{
  "display_name": "Max Kafka Cluster CKUs Per Environment",
  "id": "kafka.max_ckus.per_env",
  "applied_limit": 50
}
"Environment"
"a-808"
{
  "display_name": "Max Kafka Clusters Per Environment",
  "id": "kafka.max_kafka_clusters.per_env",
  "applied_limit": 20
}
"Environment"
"a-808"
{
  "display_name": "Max Pending Kafka Clusters Per Environment",
  "id": "kafka.max_pending_kafka_clusters.per_env",
  "applied_limit": 3
}
"Environment"
"a-808"
{
  "display_name": "Max Ksql Apps Per Environment",
  "id": "ksql.max_apps.per_env",
  "applied_limit": 3
}

Max clusters for an environment

The following command requests the kafka.max_kafka_clusters.per_env quota. Replace <env_id>, <api_key>, and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env_id>' \
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
{
  "display_name": "Max Kafka Clusters Per Environment",
  "applied_limit": 20
}

Max cluster CKUs for an environment

The following command requests the kafka.max_ckus.per_env quota. Replace <env_id>, <api_key>, and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_ckus.per_env?environment=<env_id>' \
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
{
  "display_name": "Max Kafka Cluster CKUs Per Environment",
  "applied_limit": 50
}

Max pending clusters for an environment

The following command requests the kafka.max_pending_kafka_clusters.per_env quota. Replace <env_id>, <api_key>, and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_pending_kafka_clusters.per_env?environment=<env_id>'
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
{
  "display_name": "Max Pending Kafka Clusters Per Environment",
  "applied_limit": 3
}

Max ksqlDB applications for an environment

The following command requests the ksql.max_apps.per_env quota. Replace <env_id>, <api_key>, and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/ksql.max_apps.per_env?environment=<env_id>'
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
{
  "display_name": "Max Ksql Apps Per Environment",
  "applied_limit": 3
}

Get quotas for your organization

The following table shows the quotas that you can get for the Organization scope. For default values, see Organization quotas.

Quota (maximum number) Quotas service code
Environments per organization iam.max_environments.per_org
Kafka clusters per organization iam.max_kafka_clusters.per_org
Cloud API keys per organization iam.max_cloud_api_keys.per_org
User accounts per organization iam.max_users.per_org
Service accounts per organization iam.max_service_accounts.per_org
Audit log consumer API keys per organization iam.max_audit_log_api_keys.per_org
Kafka cluster provisioning requests per day kafka.max_kafka_creation.per_day

The following command requests all of the quotas that apply to organizations. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=organization' \
     --user '<api_key>:<api_secret>' \
     | jq '.data[] | {display_name,id,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Audit Log API Keys Per Organization",
  "id": "iam.max_audit_log_api_keys.per_org",
  "applied_limit": 2
}
{
  "display_name": "Max Cloud API Keys Per Organization",
  "id": "iam.max_cloud_api_keys.per_org",
  "applied_limit": 100
}
{
  "display_name": "Max Environments Per Organization",
  "id": "iam.max_environments.per_org",
  "applied_limit": 10
}
{
  "display_name": "Max Kafka Clusters Per Organization",
  "id": "iam.max_kafka_clusters.per_org",
  "applied_limit": 50
}
{
  "display_name": "Max Service Accounts Per Organization",
  "id": "iam.max_service_accounts.per_org",
  "applied_limit": 100
}
{
  "display_name": "Max Users Per Organization",
  "id": "iam.max_users.per_org",
  "applied_limit": 100
}
{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "id": "kafka.max_kafka_creation.per_day",
  "applied_limit": 10
}

Max Cloud API keys for an organization

The following command requests the iam.max_cloud_api_keys.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_cloud_api_keys.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max API Keys Per Organization",
  "applied_limit": 100
}

Max environments for an organization

The following command requests the iam.max_environments.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_environments.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Environments Per Organization",
  "applied_limit": 10
}

Max Kafka clusters for an organization

The following command requests the iam.max_kafka_clusters.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_kafka_clusters.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka Clusters Per Organization",
  "applied_limit": 50
}

Max service accounts for an organization

The following command requests the iam.max_service_accounts.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_service_accounts.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Service Accounts Per Organization",
  "applied_limit": 100
}

Max user accounts for an organization

The following command requests the iam.max_users.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_users.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Users Per Organization",
  "applied_limit": 100
}

Max audit log consumer API keys per organization

The following command requests the iam.max_audit_log_api_keys.per_org quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_audit_log_api_keys.per_org' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Audit Log API Keys Per Organization",
  "applied_limit": 2
}

Max Kafka cluster provisioning requests per day

The following command requests the kafka.max_kafka_creation.per_day quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_kafka_creation.per_day' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "applied_limit": 10
}

Get quotas for Kafka clusters

The following table shows the quotas that you can get for the Kafka cluster scope. For default values, see Kafka cluster quotas.

Quota (maximum number) Quotas service code
(Dedicated) Kafka API keys kafka.max_api_keys.per_cluster
(Standard) Kafka API keys kafka.max_api_keys.per_cluster
(Basic) Kafka API keys kafka.max_api_keys.per_cluster
Accounts that can create PrivateLink connections to the cluster kafka.max_private_links.per_cluster
Peering connections kafka.max_peering.per_cluster
CKUs kafka.max_ckus.per_cluster

Note

The API keys quotas include keys owned by user accounts and by service accounts.

The following command requests all of the quotas that apply to Kafka clusters. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=kafka_cluster' \
     --user '<api_key>:<api_secret>' \
     | jq '.data[] | {display_name,id,applied_limit}'

Your output should resemble:

{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 100
}
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4
}
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}
{
  "display_name": "Max Private Links Per Kafka Cluster",
  "id": "kafka.max_private_links.per_cluster",
  "applied_limit": 10
}

Get the Kafka cluster ID

The Kafka cluster quotas require a cluster ID parameter. Open the Cluster settings page in Confluent Cloud, or use the following ccloud command to get your cluster ID.

confluent kafka cluster list

Your output should resemble:

       Id      |   Name    | Type  | Provider |   Region    | Availability | Status
+--------------+-----------+-------+----------+-------------+--------------+--------+
  * lkc-j3b0b2 | cluster_0 | BASIC | gcp      | us-central1 | single-zone  | UP

In this example, the cluster ID is lkc-j3b0b2.

Max API keys per Kafka cluster

The following command requests the kafka.max_api_keys.per_cluster quota.

Replace <api_key> and <api_secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_api_keys.per_cluster?scope=kafka_cluster&environment=<env_id>&kafka_cluster=<cluster_id>' \
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
"Cluster"
"lkc-j3b0b2"
{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 20
}

Max peering connections per Kafka cluster

The following command requests the kafka.max_peering.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_peering.per_cluster?scope=kafka_cluster&environment=<env_id>&kafka_cluster=<cluster_id>' \
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
"Cluster"
"lkc-j3b0b2"
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}

Max CKUs per Kafka cluster

The following command requests the kafka.max_ckus.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/kafka.max_ckus.per_cluster?scope=kafka_cluster&environment=<env_id>&kafka_cluster=<cluster_id>' \
     --user '<api_key>:<api_secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"a-808"
"Cluster"
"lkc-j3b0b2"
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4
}

Get quotas for service accounts

The following table shows the quotas that you can get for the Service account scope. For default values, see Service account quotas.

Quota (maximum number) Quotas service code
Confluent Cloud API keys iam.max_cloud_api_keys.per_service_account
Kafka API keys iam.max_kafka_api_keys.per_service_account

The following command requests all of the quotas that apply to service accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=service_account' \
     --user '<api_key>:<api_secret>' \
     | jq '.data[] | {display_name,id,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "id": "iam.max_cloud_api_keys.per_service_account",
  "applied_limit": 10
}
{
  "display_name": "Max Kafka API Keys Per Service Account",
  "id": "iam.max_kafka_api_keys.per_service_account",
  "applied_limit": 10
}

Max Cloud API keys per service account

The following command requests the iam.max_cloud_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_cloud_api_keys.per_service_account' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "applied_limit": 100
}

Max Kafka API keys per service account

The following command requests the iam.max_kafka_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_kafka_api_keys.per_service_account' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka API Keys Per Service Account",
  "applied_limit": 100
}

Get quotas for user accounts

The following table shows the quotas that you can get for the User account scope. For default values, see User account quotas.

Quota (maximum number) Quotas service code
Confluent Cloud API keys iam.max_cloud_api_keys.per_user
Kafka API keys iam.max_kafka_api_keys.per_user

The following command requests all of the quotas that apply to user accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas?scope=user_account' \
     --user '<api_key>:<api_secret>' \
     | jq '.data[] | {display_name,id,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User",
  "id": "iam.max_cloud_api_keys.per_user",
  "applied_limit": 100
}
{
  "display_name": "Max Kafka API Keys Per User",
  "id": "iam.max_kafka_api_keys.per_user",
  "applied_limit": 100
}

Max Cloud API keys per user

The following command requests the iam.max_cloud_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_cloud_api_keys.per_user' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User Account",
  "applied_limit": 100
}

Max Kafka API keys per user

The following command requests the iam.max_kafka_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/quotas/v2/applied-quotas/iam.max_kafka_api_keys.per_user' \
     --user '<api_key>:<api_secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka API Keys Per User Account",
  "applied_limit": 100
}