Service Quotas API in Confluent Cloud

Use the Service Quotas API to discover default quota limits, applied quotas, and your current usage of Confluent Cloud resources. You can query for quotas at different scopes, like organization, environment, and Kafka cluster.

Note

Some service quotas show only applied limits, not usage.

For more information on default limit values and usage availability, see Service Quotas for Confluent Cloud.

Important

The code examples below use jq to filter and transform JSON data into a more readable format. For more information, see jq (README).

Get a Cloud API key and secret

To communicate with the Service Quotas API, you need a Confluent Cloud API key and API secret. You can generate an API key pair by using the Confluent CLI or Cloud Console.

Confluent CLIConfluent Cloud Console

1. Install the Confluent CLI.

2. Log in by using the confluent login command with your credentials.

3. Run the following command to create the API key and secret.

   confluent api-key create --resource cloud --description <key_description>
   

   Your output should resemble:

   It may take a couple of minutes for the API key to be ready.
   Save the API key and secret. The secret is not retrievable later.
   +---------+------------------------------------------------------------------+
   | API Key | 4U5U9B0BIMPSXIXX                                                 |
   | Secret  | 7oNqCMSI890Ay7CeGBoBDoBBsSttOMJ5oFUwwkhj7g7MlS3p01c99C6ao84pQb8X |
   +---------+------------------------------------------------------------------+
   

For more information, see Create a Cloud API key.

After you generate the API key and API secret, save them in a safe and secure location. All calls to the Quotas API require them for authentication.

Note

Cloud API keys are distinct from the Kafka cluster API keys. You can’t use cluster API keys to call Confluent Cloud APIs.

Service Quotas API endpoints

You can query for limits that apply currently to the following scopes.

Scope parameter	Description
organization	Limits applied to organizations
user_account	Limits for user accounts
service_account	Limits for service principal accounts
environment	Limits applied to environments in an organization
kafka_cluster	Limits applied to Kafka clusters
network	Limits applied to networks

Access the Service Quotas API by making requests to the following endpoints.

Scopes

Get the available scopes that quotas apply to.

https://api.confluent.cloud/service-quota/v1/scopes

Organization

Get the limits that are applied to organizations.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization

Service account

Get the limits that are applied to service principal accounts.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account

User account

Get the limits that are applied to user accounts.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account

Environment

Get the limits that are applied to your environments.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment

Kafka Cluster

Get the limits that are applied to your Kafka clusters.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster

Network

Get the limits that are applied to your networks.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network

Query a Service Quotas endpoint

Requests to the Service Quotas API have two possible request formats.

• List of quotas: Use the following format to retrieve a list of applied quotas:

  https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...
  

  For example, the following request gets a list of all applied quotas in your environment:

  https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment
  

  List requests require the scope parameter and may have optional parameters, like page_size.

• Single quota: Use the following format to read a particular applied quota:

  https://api.confluent.cloud/service-quota/v1/applied-quotas/<quota-id>?<param1>=<value1>&<param2>=<value2>&...
  

  For example, to get the quota for the maximum number of Kafka clusters in a specific environment, provide the kafka.max_kafka_clusters.per_env quota ID and the environment ID:

  https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>
  

  A request to read a specific quota must specify a combination of identifiers for the environment, cluster, or network, depending on the context.

In a command shell, you can access the endpoints by using the curl command. Use the API key and API secret that you saved earlier as the user name and password for the --user option. Remember to separate them with the : character.

curl --request GET \
  --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...' \
  --user '<api-key>:<api-secret>'

The response is JSON, so you can use tools like jq to get the quota values and metadata, like page tokens.

Note

• The Applied Quotas response objects have a field named usage that appears only if the requested quota supports usage data. If the quota doesn’t support usage data, no usage attribute is returned in the response body.

Paged responses

For long lists of quotas, you can request paged responses. For example, the following request specifies a page_size of 2.

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2

The JSON response has a next key that has a URL to request the next page of results. The following command shows how to use jq to extract the key so you can use it in your next request.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2' \
     --user '<api-key>:<api-secret>' \
     | jq '.metadata | {next}'

Your output should resemble:

{
  "next": "https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0="
}

Use the full next URL in another request to get the next page:

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0=' \
     --user '<api-key>:<api-secret>'

RBAC Model

If the API Key owner has the OrganizationAdmin role, they can see all available quotas.

If the API Key owner is an EnvironmentAdmin, ClusterAdmin, or NetworkAdmin, they can see only quotas that are relevant to the specific environment, cluster, or network their roles allow them access to.

To query quotas from the user_account or service_account scope, you must be an OrganizationAdmin.

A user can only query quotas for their own user account.

The only way to query quotas for a group of service accounts is to make a GET call to the service_account endpoint, which returns the full list of quotas associated with each service account.

Example requests

The following example commands show how to query for many of the applied quota limits, but they don’t comprise an exhaustive list.

• Query for scopes
• Organization quotas
• Service account quotas
• User account quotas
• Environment quotas
• Kafka cluster quotas
• Network quotas

Filtering

• When querying quotas in the kafka_cluster scope, only kafka_cluster, environment, and id (quota code) filters can be specified.
• When querying quotas in the network scope, only network, environment, and id (quota code) filters can be specified.
• When querying quotas in the environment scope, only the environment and id (quota code) filters can be specified.
• When querying quotas in the organization, user_account, or service_account scopes, only the id (quota code) filter can be specified.
• On a LIST call where the id (quota code) filter value is valid, but not for the specified scope, the result is a 400 error.
• On a LIST call where the id (quota code) filter is invalid, the result is a 400 error.

Query for scopes

Run the following command to query for the available quota scopes.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/scopes' \
     --user '<api-key>:<api-secret>'
     | jq '.data[] | {id}'

Your output should resemble:

{
  "id": "user_account"
}
{
  "id": "service_account"
}
{
  "id": "organization"
}
{
  "id": "environment"
}
{
  "id": "network"
}
{
  "id": "kafka_cluster"
}

You use the id string for the scope parameter in requests to the applied-quotas endpoint. For example, the following request gets the active quotas for your environments:

https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment

Organization quotas

The following table shows the quotas that you can get for the Organization scope. For default values, see Organization.

Quota (maximum number)	Service quotas code
Environments per organization	iam.max_environments.per_org
RBAC role bindings (total)	iam.max_rbac_role_bindings_all_roles.per_org
RBAC role bindings (with Kafka permissions)	iam.max_rbac_role_bindings.per_org_plus_envs
Kafka clusters per organization	iam.max_kafka_clusters.per_org
Cloud API keys per organization	iam.max_cloud_api_keys.per_org
BYOK keys per organization	byok.max_keys.per_org
User accounts per organization	iam.max_users.per_org
Invitations per organization	iam.max_pending_invitations.per_org
Service accounts per organization	iam.max_service_accounts.per_org
Audit log consumer API keys per organization	iam.max_audit_log_api_keys.per_org
Kafka cluster provisioning requests per day	kafka.max_kafka_creation.per_day

The following command requests all of the quotas that apply to organizations. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max BYOK keys per organization",
  "id": "byok.max_keys.per_org",
  "applied_limit": 20,
  "usage": 5
}
{
  "display_name": "Max Audit Log API Keys Per Organization",
  "id": "iam.max_audit_log_api_keys.per_org",
  "applied_limit": 2
}
{
  "display_name": "Max Cloud API Keys Per Organization",
  "id": "iam.max_cloud_api_keys.per_org",
  "applied_limit": 1000,
  "usage": 510
}
{
  "display_name": "Max Environments Per Organization",
  "id": "iam.max_environments.per_org",
  "applied_limit": 25,
  "usage": 11
}
{
  "display_name": "Max Kafka Clusters Per Organization",
  "id": "iam.max_kafka_clusters.per_org",
  "applied_limit": 100,
  "usage": 56
}
{
  "display_name": "Max Service Accounts Per Organization",
  "id": "iam.max_service_accounts.per_org",
  "applied_limit": 100,
  "usage": 83
}
{
  "display_name": "Max Users Per Organization",
  "id": "iam.max_users.per_org",
  "applied_limit": 1000,
  "usage": 753
}
{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "id": "kafka.max_kafka_creation.per_day",
  "applied_limit": 10
}

Max BYOK keys per organization

The following command requests the byok.max_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/byok.max_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max BYOK keys per organization",
  "applied_limit": 20
}

Max Cloud API keys for an organization

The following command requests the iam.max_cloud_api_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Organization",
  "applied_limit": 1000,
  "usage": 682
}

Max environments for an organization

The following command requests the iam.max_environments.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_environments.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Environments Per Organization",
  "applied_limit": 25,
  "usage": 16
}

Max Kafka clusters for an organization

The following command requests the iam.max_kafka_clusters.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_kafka_clusters.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Kafka Clusters Per Organization",
  "applied_limit": 50,
  "usage": 44
}

Max service accounts for an organization

The following command requests the iam.max_service_accounts.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_service_accounts.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Service Accounts Per Organization",
  "applied_limit": 100,
  "usage": 83
}

Max user accounts for an organization

The following command requests the iam.max_users.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_users.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Users Per Organization",
  "applied_limit": 1000,
  "usage": 753
}

Max pending invitations for an organization

The following command requests the iam.max_pending_invitations.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_pending_invitations.per_organization' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max pending invitations per organization",
  "applied_limit": 150
}

Max audit log consumer API keys per organization

The following command requests the iam.max_audit_log_api_keys.per_org quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_audit_log_api_keys.per_org' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Audit Log API Keys Per Organization",
  "applied_limit": 2
}

Max Kafka cluster provisioning requests per day

The following command requests the kafka.max_kafka_creation.per_day quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_creation.per_day' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit}'

Your output should resemble:

{
  "display_name": "Max Kafka Cluster Provisioning Requests Per Day",
  "applied_limit": 10
}

Service account quotas

The following table shows the quotas that you can get for the Service account scope. For default values, see Service Account.

Quota (maximum number)	Service Quotas code
Confluent Cloud API keys	iam.max_cloud_api_keys.per_service_account
Kafka API keys	iam.max_cluster_api_keys.per_service_account

The following command requests all of the quotas that apply to service accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Note

• The response includes quotas for all service accounts.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "id": "iam.max_cloud_api_keys.per_service_account",
  "applied_limit": 10,
  "usage": 5
}
{
  "display_name": "Max Kafka API Keys Per Service Account",
  "id": "iam.max_cluster_api_keys.per_service_account",
  "applied_limit": 10,
  "usage": 8
}

Max Cloud API keys per service account

The following command requests the iam.max_cloud_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per Service Account",
  "applied_limit": 100,
  "usage": 50
}

Max Kafka API keys per service account

The following command requests the iam.max_cluster_api_keys.per_service_account quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cluster_api_keys.per_service_account' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Kafka API Keys Per Service Account",
  "applied_limit": 100,
  "usage": 80
}

User account quotas

The following table shows the quotas that you can get for the User account scope. For default values, see User Account.

Quota (maximum number)	Service Quotas code
Confluent Cloud API keys	iam.max_cloud_api_keys.per_user
Cluster API keys	iam.max_cluster_api_keys.per_user

The following command requests all of the quotas that apply to user accounts. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User",
  "id": "iam.max_cloud_api_keys.per_user",
  "applied_limit": 10,
  "usage": 5
}
{
  "display_name": "Max Cluster API Keys Per User",
  "id": "iam.max_cluster_api_keys.per_user",
  "applied_limit": 10,
  "usage": 8
}

Max Cloud API keys per user

The following command requests the iam.max_cloud_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cloud API Keys Per User Account",
  "applied_limit": 10,
  "usage": 5
}

Max Cluster API keys per user

The following command requests the iam.max_cloud_api_keys.per_user quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max Cluster API Keys Per User Account",
  "applied_limit": 10,
  "usage": 8
}

Environment quotas

The following table shows the quotas that you can get for the Environment scope. For default values, see Environment.

Quota (maximum number)	Service Quotas code
Kafka clusters per environment	kafka.max_kafka_clusters.per_env
Pending Kafka clusters per environment	kafka.max_pending_kafka_clusters.per_env
Kafka cluster CKUs per environment	kafka.max_ckus.per_env
ksqlDB clusters per environment	ksql.max_apps.per_env

The following command requests all of the quotas that are active in your environment. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit,usage}'

Your output should resemble:

 "Environment"
 "env-abc123"
 {
   "display_name": "Max Kafka Cluster CKUs Per Environment",
   "id": "kafka.max_ckus.per_env",
   "applied_limit": 50,
   "usage": 30
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Kafka Clusters Per Environment",
   "id": "kafka.max_kafka_clusters.per_env",
   "applied_limit": 20,
   "usage": 10
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Pending Kafka Clusters Per Environment",
   "id": "kafka.max_pending_kafka_clusters.per_env",
   "applied_limit": 3
 }
 "Environment"
 "env-abc123"
 {
   "display_name": "Max Ksql Apps Per Environment",
   "id": "ksql.max_apps.per_env",
   "applied_limit": 3
 }
 "Environment"
 "env-abc123"
 {
  "display_name": "Max network per environment",
  "id": "networking.max_network.per_environment",
  "applied_limit": 3,
  "usage": 1
}

Get your environment ID

Environment quota endpoints require the environment ID. You can get it from the Cloud Console, or you can use the confluent environment list command.

Confluent CLIConfluent Cloud Console

Run the following command to get a list of your Confluent Cloud environments.

confluent environment list

Your output should resemble:

      Id       |  Name
---------------+----------
  * env-abc123 | default

Save the environment ID in a safe and secure location.

Max clusters for an environment

The following command requests the kafka.max_kafka_clusters.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Kafka Clusters Per Environment",
  "applied_limit": 20,
  "usage": 10
}

Max cluster CKUs for an environment

The following command requests the kafka.max_ckus.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_env?environment=<env-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Kafka Cluster CKUs Per Environment",
  "applied_limit": 50,
  "usage": 30
}

Max pending clusters for an environment

The following command requests the kafka.max_pending_kafka_clusters.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_pending_kafka_clusters.per_env?environment=<env-id>'
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Pending Kafka Clusters Per Environment",
  "applied_limit": 3
}

Max ksqlDB clusters for an environment

The following command requests the ksql.max_apps.per_env quota. Replace <env-id>, <api-key>, and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/ksql.max_apps.per_env?environment=<env-id>'
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,{display_name,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max Ksql Apps Per Environment",
  "applied_limit": 10
}

Kafka cluster quotas

The following table shows the quotas that you can get for the Kafka cluster scope. For default values, see Kafka Cluster.

Quota (maximum number)	Service Quotas code
(Dedicated) Kafka API keys	kafka.max_api_keys.per_cluster
(Enterprise) Kafka API keys	kafka.max_api_keys.per_cluster
(Standard) Kafka API keys	kafka.max_api_keys.per_cluster
(Basic) Kafka API keys	kafka.max_api_keys.per_cluster
Accounts that can create PrivateLink connections to the cluster	kafka.max_private_links.per_cluster
Peering connections	kafka.max_peering.per_cluster
CKUs	kafka.max_ckus.per_cluster
RBAC role bindings (with Kafka permissions)	iam.max_rbac_role_bindings.per_cluster

Note

• The API keys quotas include keys owned by user accounts and by service accounts.
• The response includes quotas for all clusters.

The following command requests all of the quotas that apply to Kafka clusters. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | {display_name,id,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 100,
  "usage": 50
}
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4,
  "usage": 2
}
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}
{
  "display_name": "Max Private Links Per Kafka Cluster",
  "id": "kafka.max_private_links.per_cluster",
  "applied_limit": 10
}

Get the Kafka cluster ID

The Kafka cluster quotas require a cluster ID parameter. Open the Cluster settings page in Confluent Cloud, or use the following ccloud command to get your cluster ID.

confluent kafka cluster list

Your output should resemble:

       Id      |   Name    | Type  | Provider |   Region    | Availability | Status
+--------------+-----------+-------+----------+-------------+--------------+--------+
  * lkc-xxxxxx | cluster_0 | BASIC | gcp      | us-central1 | single-zone  | UP

In this example, the cluster ID is lkc-xxxxxx.

Max API keys per Kafka cluster

The following command requests the kafka.max_api_keys.per_cluster quota.

Replace <api-key> and <api-secret> with the values you saved earlier.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_api_keys.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit,usage}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max API Keys Per Kafka Cluster",
  "id": "kafka.max_api_keys.per_cluster",
  "applied_limit": 20,
  "usage": 10
}

Max private links per Kafka cluster

The following command requests the kafka.max_private_links.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_private_links.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max Private Links Per Kafka Cluster",
  "id": "kafka.max_private_links.per_cluster",
  "applied_limit": 10
}

Max peering connections per Kafka cluster

The following command requests the kafka.max_peering.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_peering.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max Peering Connections Per Kafka Cluster",
  "id": "kafka.max_peering.per_cluster",
  "applied_limit": 5
}

Max CKUs per Kafka cluster

The following command requests the kafka.max_ckus.per_cluster quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
  "display_name": "Max CKUs Per Kafka Cluster",
  "id": "kafka.max_ckus.per_cluster",
  "applied_limit": 4
}

Network quotas

The following table shows the quotas that you can get for the Network scope. For default values, see Network.

Quota (maximum number)	Quotas service code
Number of peering connections per network	networking.max_peering.per_network
Number of private link connections per network	networking.max_private_link.per_network
Number of transit gateway attachments per network	networking.max_transit_gateway.per_network

The following command requests all of the quotas that apply to a network. Also, it uses jq to filter the JSON response and show the display name, ID, and current value for each quota.

Note

• The response includes quotas for all networks.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network' \
     --user '<api-key>:<api-secret>' \
     | jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit}'

Your output should resemble:

"Environment"
"env-abc123"
{
  "display_name": "Max peering per network",
  "id": "networking.max_peering.per_network",
  "applied_limit": 25
}
"Environment"
"env-abc123"
{
  "display_name": "Max private link per network",
  "id": "networking.max_private_link.per_network",
  "applied_limit": 10
}
"Environment"
"env-abc123"
{
  "display_name": "Max transit gateway per network",
  "id": "networking.max_transit_gateway.per_network",
  "applied_limit": 1
}

Max peering connections per network

The following command requests the networking.max_peering.per_network quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_peering.per_network?scope=network&environment=<env-id>&network=<network-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max peering per network",
  "applied_limit": 25,
  "usage": 10
}

Max private link connections per network

The following command requests the networking.max_private_link.per_network quota.

curl --request GET \
     --url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_private_link.per_network?scope=network&environment=<env-id>&network=<network-id>' \
     --user '<api-key>:<api-secret>' \
     | jq '{display_name,applied_limit,usage}'

Your output should resemble:

{
  "display_name": "Max private link per network",
  "applied_limit": 10,
  "usage": 5
}