Service Quotas API for Confluent Cloud¶

Use the Service Quotas API to discover default quota limits, applied quotas, and your current usage of Confluent Cloud resources. You can query for quotas at different scopes, like organization, environment, and Kafka cluster.

Note

Some service quotas show only applied limits, not usage.

For more information on default limit values and usage availability, see Service Quotas for Confluent Cloud.

Important

The code examples below use jq to filter and transform JSON data into a more readable format. For more information, see jq (README).

Get an API key and secret¶

To communicate with the Service Quotas API, you need a Confluent Cloud API key (resource-scoped for resource management) and API secret. You can generate an API key pair by using the Confluent CLI or Cloud Console.

Install the Confluent CLI.
Log in by using the confluent login command with your credentials.

Run the following command to create the API key and secret.

confluent api-key create --resource cloud --description <key_description>

Your output should resemble:

It may take a couple of minutes for the API key to be ready.
Save the API key and secret. The secret is not retrievable later.
+---------+------------------------------------------------------------------+
| API Key | 4U5U9B0BIMPSXIXX                                                 |
| Secret  | 7oNqCMSI890Ay7CeGBoBDoBBsSttOMJ5oFUwwkhj7g7MlS3p01c99C6ao84pQb8X |
+---------+------------------------------------------------------------------+

For more information, see Add an API key.

After you generate the API key and API secret, save them in a safe and secure location. All calls to the Quotas API require them for authentication.

Note

An API key resource-scoped for resource management is distinct from an API key resource-scoped for an Kafka cluster. You can’t use a cluster’s API key to call Confluent Cloud APIs.

Service Quotas API endpoints¶

You can query for limits that apply currently to the following scopes.

Scope parameter	Description
`organization`	Limits applied to organizations
`user_account`	Limits for user accounts
`service_account`	Limits for service principal accounts
`environment`	Limits applied to environments in an organization
`kafka_cluster`	Limits applied to Kafka clusters
`network`	Limits applied to networks

Access the Service Quotas API by making requests to the following endpoints.

Scopes

Get the available scopes that quotas apply to.

https://api.confluent.cloud/service-quota/v1/scopes

Organization

Get the limits that are applied to organizations.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization

Service account

Get the limits that are applied to service principal accounts.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account

User account

Get the limits that are applied to user accounts.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account

Environment

Get the limits that are applied to your environments.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment

Kafka Cluster

Get the limits that are applied to your Kafka clusters.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster

Network

Get the limits that are applied to your networks.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network

Query a Service Quotas endpoint¶

Requests to the Service Quotas API have two possible request formats.

List of quotas: Use the following format to retrieve a list of applied quotas:
```
https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...
```
For example, the following request gets a list of all applied quotas in your environment:
```
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment
```
List requests require the scope parameter and may have optional parameters, like page_size.
Single quota: Use the following format to read a particular applied quota:
```
https://api.confluent.cloud/service-quota/v1/applied-quotas/<quota-id>?<param1>=<value1>&<param2>=<value2>&...
```
For example, to get the quota for the maximum number of Kafka clusters in a specific environment, provide the kafka.max_kafka_clusters.per_env quota ID and the environment ID:
```
https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>
```
A request to read a specific quota must specify a combination of identifiers for the environment, cluster, or network, depending on the context.

In a command shell, you can access the endpoints by using the curl command. Use the API key and API secret that you saved earlier as the user name and password for the --user option. Remember to separate them with the : character.

curl --request GET \
  --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...' \
  --user '<api-key>:<api-secret>'

The response is JSON, so you can use tools like jq to get the quota values and metadata, like page tokens.

Note

The Applied Quotas response objects have a field named usage that appears only if the requested quota supports usage data. If the quota doesn’t support usage data, no usage attribute is returned in the response body.

Paged responses¶

For long lists of quotas, you can request paged responses. For example, the following request specifies a page_size of 2.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2

The JSON response has a next key that has a URL to request the next page of results. The following command shows how to use jq to extract the key so you can use it in your next request.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2' \
     --user '<api-key>:<api-secret>' \
     | jq '.metadata | {next}'

Your output should resemble:

{
  "next": "https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0="
}

Use the full next URL in another request to get the next page:

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0=' \
     --user '<api-key>:<api-secret>'

RBAC Model¶

If the API Key owner has the OrganizationAdmin role, they can see all available quotas.

If the API Key owner is an EnvironmentAdmin, ClusterAdmin, or NetworkAdmin, they can see only quotas that are relevant to the specific environment, cluster, or network their roles allow them access to.

To query quotas from the user_account or service_account scope, you must be an OrganizationAdmin.

A user can only query quotas for their own user account.

The only way to query quotas for a group of service accounts is to make a GET call to the service_account endpoint, which returns the full list of quotas associated with each service account.

Example requests¶

The following example commands show how to query for many of the applied quota limits, but they don’t comprise an exhaustive list.

Query for scopes
Organization quotas
Service account quotas
User account quotas
Environment quotas
Kafka cluster quotas
Network quotas

Filtering¶

When querying quotas in the kafka_cluster scope, only kafka_cluster, environment, and id (quota code) filters can be specified.
When querying quotas in the network scope, only network, environment, and id (quota code) filters can be specified.
When querying quotas in the environment scope, only the environment and id (quota code) filters can be specified.
When querying quotas in the organization, user_account, or service_account scopes, only the id (quota code) filter can be specified.
On a LIST call where the id (quota code) filter value is valid, but not for the specified scope, the result is a 400 error.
On a LIST call where the id (quota code) filter is invalid, the result is a 400 error.

Query for scopes¶

Run the following command to query for the available quota scopes.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/scopes' \
     --user '<api-key>:<api-secret>'
     | jq '.data[] | {id}'

Your output should resemble:

{
  "id": "user_account"
}
{
  "id": "service_account"
}
{
  "id": "organization"
}
{
  "id": "environment"
}
{
  "id": "network"
}
{
  "id": "kafka_cluster"
}

You use the id string for the scope parameter in requests to the applied-quotas endpoint. For example, the following request gets the active quotas for your environments:

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment

Organization quotas¶

The following table shows the quotas that you can get for the Organization scope. For default values, see Organization.

Quota (maximum number)	Service quotas code
Environments per organization	`iam.max_environments.per_org`
RBAC role bindings (total)	`iam.max_rbac_role_bindings_all_roles.per_org`
RBAC role bindings (with Kafka permissions)	`iam.max_rbac_role_bindings.per_org_plus_envs`
Kafka clusters per organization	`iam.max_kafka_clusters.per_org`
API keys per organization	`iam.max_cloud_api_keys.per_org`
BYOK keys per organization	`byok.max_keys.per_org`
User accounts per organization	`iam.max_users.per_org`
Invitations per organization	`iam.max_pending_invitations.per_org`
Service accounts per organization	`iam.max_service_accounts.per_org`
Audit log consumer API keys per organization	`iam.max_audit_log_api_keys.per_org`
Kafka cluster provisioning requests per day	`kafka.max_kafka_creation.per_day`

The following command requests all of the quotas that apply to organizations. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max BYOK keys per organization",
  "id": "byok.max_keys.per_org",
  "applied_limit": 20,
  "usage": 5
}
{
  "display_name": "Max Audit Log API Keys Per Organization",
  "id": "iam.max_audit_log_api_keys.per_org",
  "applied_limit": 2
}
{
  "display_name": "Max Cloud API Keys Per Organization",
  "id": "iam.max_cloud_api_keys.per_org",
  "applied_limit": 1000,
  "usage": 510
}
{
  "display_name": "Max Environments Per Organization",
  "id": "iam.max_environments.per_org",
  "applied_limit": 25,
  "usage": 11
}
{
  "display_name": "Max Kafka Clusters Per Organization",
  "id": "iam.max_kafka_clusters.per_org",
  "applied_limit": 100,
  "usage": 56
}
{
  "display_name": "Max Service Accounts Per Organization",
  "id": "iam.max_service_accounts.per_org",
  "applied_limit": 100,
  "usage": 83
}
{
  "display_name": "Max Users Per Organization",
  "id": "iam.max_users.per_org",
  "applied_limit": 1000,
  "usage": 753
}
{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "id": "kafka.max_kafka_creation.per_day",
  "applied_limit": 10
}

Max BYOK keys per organization¶

The following command requests the byok.max_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/byok.max_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max BYOK keys per organization",
  "applied_limit": 20
}

Max API keys scoped for resource management for an organization¶

The following command requests the iam.max_cloud_api_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Organization",
  "applied_limit": 1000,
  "usage": 682
}

Max environments for an organization¶

The following command requests the iam.max_environments.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_environments.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Environments Per Organization",
  "applied_limit": 25,
  "usage": 16
}

Max Kafka clusters for an organization¶

The following command requests the iam.max_kafka_clusters.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_kafka_clusters.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Kafka Clusters Per Organization",
  "applied_limit": 50,
  "usage": 44
}

Max service accounts for an organization¶

The following command requests the iam.max_service_accounts.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_service_accounts.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Service Accounts Per Organization",
  "applied_limit": 100,
  "usage": 83
}

Max user accounts for an organization¶

The following command requests the iam.max_users.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_users.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Users Per Organization",
  "applied_limit": 1000,
  "usage": 753
}

Max pending invitations for an organization¶

The following command requests the iam.max_pending_invitations.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_pending_invitations.per_organization' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max pending invitations per organization",
  "applied_limit": 150
}

Max audit log consumer API keys per organization¶

The following command requests the iam.max_audit_log_api_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_audit_log_api_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Audit Log API Keys Per Organization",
  "applied_limit": 2
}

Max Kafka cluster provisioning requests per day¶

The following command requests the kafka.max_kafka_creation.per_day quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_creation.per_day' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "applied_limit": 10
}

Service account quotas¶

The following table shows the quotas that you can get for the Service account scope. For default values, see Service accounts.

Quota (maximum number)	Service Quotas code
Confluent Cloud API keys	`iam.max_cloud_api_keys.per_service_account`
Kafka API keys	`iam.max_cluster_api_keys.per_service_account`

The following command requests all of the quotas that apply to service accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Note

The response includes quotas for all service accounts.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "id": "iam.max_cloud_api_keys.per_service_account",
  "applied_limit": 100,
  "usage": 5
}
{
  "display_name": "Max Kafka API Keys Per Service Account",
  "id": "iam.max_cluster_api_keys.per_service_account",
  "applied_limit": 10,
  "usage": 8
}

Maximum API keys scoped for resource management per service account¶

The following command requests the iam.max_cloud_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "applied_limit": 100,
  "usage": 50
}

Max Kafka API keys per service account¶

The following command requests the iam.max_cluster_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cluster_api_keys.per_service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Kafka API Keys Per Service Account",
  "applied_limit": 100,
  "usage": 80
}

User account quotas¶

The following table shows the quotas that you can get for the User account scope. For default values, see User accounts.

Quota (maximum number)	Service Quotas code
Confluent Cloud API keys	`iam.max_cloud_api_keys.per_user`
Cluster API keys	`iam.max_cluster_api_keys.per_user`

The following command requests all of the quotas that apply to user accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User",
  "id": "iam.max_cloud_api_keys.per_user",
  "applied_limit": 10,
  "usage": 5
}
{
  "display_name": "Max Cluster API Keys Per User",
  "id": "iam.max_cluster_api_keys.per_user",
  "applied_limit": 10,
  "usage": 8
}

Maximum API keys scoped for resource management per user¶

The following command requests the iam.max_cloud_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User Account",
  "applied_limit": 10,
  "usage": 5
}

Max Cluster API keys per user¶

The following command requests the iam.max_cloud_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cluster API Keys Per User Account",
  "applied_limit": 10,
  "usage": 8
}

Environment quotas¶

The following table shows the quotas that you can get for the Environment scope. For default values, see Environments.

Quota (maximum number)	Service Quotas code
Kafka clusters per environment	`kafka.max_kafka_clusters.per_env`
Pending Kafka clusters per environment	`kafka.max_pending_kafka_clusters.per_env`
Kafka cluster CKUs per environment	`kafka.max_ckus.per_env`
ksqlDB clusters per environment	`ksql.max_apps.per_env`

The following command requests all of the quotas that are active in your environment. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit,usage}'

Your output should resemble:

 "Environment"
 "env-abc123"
 {
   "display_name": "Max Kafka Cluster CKUs Per Environment",
   "id": "kafka.max_ckus.per_env",
   "applied_limit": 50,
   "usage": 30
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Kafka Clusters Per Environment",
   "id": "kafka.max_kafka_clusters.per_env",
   "applied_limit": 20,
   "usage": 10
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Pending Kafka Clusters Per Environment",
   "id": "kafka.max_pending_kafka_clusters.per_env",
   "applied_limit": 3
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Ksql Apps Per Environment",
   "id": "ksql.max_apps.per_env",
   "applied_limit": 3
 }
 "Environment"
 "env-abc123"
 {
  "display_name": "Max network per environment",
  "id": "networking.max_network.per_environment",
  "applied_limit": 3,
  "usage": 1
}

Get your environment ID¶

Environment quota endpoints require the environment ID. You can get it from the Cloud Console, or you can use the confluent environment list command.

Run the following command to get a list of your Confluent Cloud environments.

confluent environment list

Your output should resemble:

      Id       |  Name
---------------+----------
  * env-abc123 | default

Save the environment ID in a safe and secure location.

Max clusters for an environment¶

The following command requests the kafka.max_kafka_clusters.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Kafka Clusters Per Environment",
  "applied_limit": 20,
  "usage": 10
}

Max cluster CKUs for an environment¶

The following command requests the kafka.max_ckus.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_env?environment=<env-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Kafka Cluster CKUs Per Environment",
  "applied_limit": 50,
  "usage": 30
}

Max pending clusters for an environment¶

The following command requests the kafka.max_pending_kafka_clusters.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_pending_kafka_clusters.per_env?environment=<env-id>'
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Pending Kafka Clusters Per Environment",
  "applied_limit": 3
}

Max ksqlDB clusters for an environment¶

The following command requests the ksql.max_apps.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/ksql.max_apps.per_env?environment=<env-id>'
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Ksql Apps Per Environment",
  "applied_limit": 10
}

Kafka cluster quotas¶

The following table shows the quotas that you can get for the Kafka cluster scope. For default values, see Kafka clusters.

Quota (maximum number)	Service Quotas code
(Dedicated) Kafka API keys	`kafka.max_api_keys.per_cluster`
(Enterprise) Kafka API keys	`kafka.max_api_keys.per_cluster`
(Standard) Kafka API keys	`kafka.max_api_keys.per_cluster`
(Basic) Kafka API keys	`kafka.max_api_keys.per_cluster`
Accounts that can create PrivateLink connections to the cluster	`kafka.max_private_links.per_cluster`
Peering connections	`kafka.max_peering.per_cluster`
CKUs	`kafka.max_ckus.per_cluster`
RBAC role bindings (with Kafka permissions)	`iam.max_rbac_role_bindings.per_cluster`

Note

The API keys quotas include keys owned by user accounts and by service accounts.
The response includes quotas for all clusters.

The following command requests all of the quotas that apply to Kafka clusters. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 100,
  "usage": 50
}
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4,
  "usage": 2
}
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}
{
  "display_name": "Max Private Links Per Kafka Cluster",
  "id": "kafka.max_private_links.per_cluster",
  "applied_limit": 10
}

Get the Kafka cluster ID¶

The Kafka cluster quotas require a cluster ID parameter. Open the Cluster settings page in Confluent Cloud, or use the following ccloud command to get your cluster ID.

confluent kafka cluster list

Your output should resemble:

       Id      |   Name    | Type  | Cloud    |   Region    | Availability | Status
+--------------+-----------+-------+----------+-------------+--------------+--------+
  * lkc-xxxxxx | cluster_0 | BASIC | gcp      | us-central1 | single-zone  | UP

In this example, the cluster ID is lkc-xxxxxx.

Max API keys per Kafka cluster¶

The following command requests the kafka.max_api_keys.per_cluster quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_api_keys.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 20,
  "usage": 10
}

Max private links per Kafka cluster¶

The following command requests the kafka.max_private_links.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_private_links.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max Private Links Per Kafka Cluster",
  "id": "kafka.max_private_links.per_cluster",
  "applied_limit": 10
}

Max peering connections per Kafka cluster¶

The following command requests the kafka.max_peering.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_peering.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}

Max CKUs per Kafka cluster¶

The following command requests the kafka.max_ckus.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4
}

Network quotas¶

The following table shows the quotas that you can get for the Network scope. For default values, see Networks.

Quota (maximum number)	Quotas service code
Number of peering connections per network	`networking.max_peering.per_network`
Number of private link connections per network	`networking.max_private_link.per_network`
Number of transit gateway attachments per network	`networking.max_transit_gateway.per_network`

The following command requests all of the quotas that apply to a network. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Note

The response includes quotas for all networks.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max peering per network",
  "id": "networking.max_peering.per_network",
  "applied_limit": 25
}
"Environment"
"env-abc123"
{
  "display_name": "Max private link per network",
  "id": "networking.max_private_link.per_network",
  "applied_limit": 10
}
"Environment"
"env-abc123"
{
  "display_name": "Max transit gateway per network",
  "id": "networking.max_transit_gateway.per_network",
  "applied_limit": 1
}

Max peering connections per network¶

The following command requests the networking.max_peering.per_network quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_peering.per_network?scope=network&environment=<env-id>&network=<network-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max peering per network",
  "applied_limit": 25,
  "usage": 10
}

Max private link connections per network¶

The following command requests the networking.max_private_link.per_network quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_private_link.per_network?scope=network&environment=<env-id>&network=<network-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max private link per network",
  "applied_limit": 10,
  "usage": 5
}

Service Quotas API for Confluent Cloud¶

Get an API key and secret¶

Service Quotas API endpoints¶

Query a Service Quotas endpoint¶

Paged responses¶

RBAC Model¶

Example requests¶

Filtering¶

Query for scopes¶

Organization quotas¶

Max BYOK keys per organization¶

Max API keys scoped for resource management for an organization¶

Max environments for an organization¶

Max Kafka clusters for an organization¶

Max service accounts for an organization¶

Max user accounts for an organization¶

Max pending invitations for an organization¶

Max audit log consumer API keys per organization¶

Max Kafka cluster provisioning requests per day¶

Service account quotas¶

Maximum API keys scoped for resource management per service account¶

Max Kafka API keys per service account¶

User account quotas¶

Maximum API keys scoped for resource management per user¶

Max Cluster API keys per user¶

Environment quotas¶

Get your environment ID¶

Max clusters for an environment¶

Max cluster CKUs for an environment¶

Max pending clusters for an environment¶

Max ksqlDB clusters for an environment¶

Kafka cluster quotas¶

Get the Kafka cluster ID¶

Max API keys per Kafka cluster¶

Max private links per Kafka cluster¶

Max peering connections per Kafka cluster¶

Max CKUs per Kafka cluster¶

Network quotas¶

Max peering connections per network¶

Max private link connections per network¶

Related content¶