Veeva Vault provides a simple, powerful, and secure API that allows software programmers to write scripts and programs to interact and integrate with Veeva Vault. Using Veeva Vault API, your organization can build tools to import, update, and retrieve documents or object records. Veeva Vault API respects all the same business and access control roles as the Vault UI.
Developers can consult the Veeva Vault Developer Portal for reference information and details about using the API.
About API Transaction Limits
Vault limits the number of API calls that can be made every 5 minutes (burst). When a Vault has reached the burst limit, each subsequent API will be delayed by 500ms until the burst period has expired.
About Authentication API Transaction Limits
Vault limits the number of Authentication API calls that can be made every minute (burst) based on the user name and the domain name used in the API call. When the limit is reached, the API returns an API_LIMIT_EXCEEDED error message and no further Authentication API calls to the Vault will be processed.
Check the API Usage Logs to determine the Vault Authentication API burst limit for your Vault.
Note: Vault only applies burst limits to username/password calls made to /api/{version}/auth and does not impose the burst limit for SAML/SSO and OAuth Authentication API calls.
Viewing API Transaction Limits & Counts
Each API call made to your Vault (Create, Retrieve, Update, or Delete) is counted in the Burst API Count. This count includes the number of API calls made in the past 5 minutes and the total number allowed. This is reset every 5 minutes.
To view this information, go to Admin > Settings > General Settings.
About Client IDs
For additional tracking purposes, integration developers can include an optional client ID with Vault REST API calls to represent an external integration client. This ID can help your organization understand where an API call originated. For example, two API requests may be difficult to distinguish from one another if the requests are made to the same endpoint, from the same office IP, and use the same Vault migration user. With a client ID, your organization can determine that the veeva-vault-tools-server-loader ID, for example, originated from your organization’s Vault Loader team.
Developers can learn more about how to implement client IDs in the Developer Portal.
About Client ID Filtering
We recommend using and enforcing client IDs when managing inbound External Connections. Client ID filtering enables Vault Admins to allow only known, trusted client IDs to connect to your Vault. Vault Admins can define known client IDs for Connections on the connection record detail page.
By default, any client ID can connect to your Vault through an external connection. To require use of a known client ID for your organization’s external connections, select Enable Client ID Filtering from Admin > Settings > General Settings. Once enabled, Vault will reject any API requests originating with a client ID that does not match one of your active External Connections.
Trusted Veeva Vault client IDs are always accepted. For example, Vault Loader, Vault Mobile, Veeva Snap, and Station Manager.