The SEC EDGAR API rate limit in 2026 is 10 requests per second per requester, the same fair-access ceiling in force since July 2021, and the only hard requirement beyond it is a descriptive User-Agent header on every request. The data.sec.gov REST APIs (submissions, company facts, company concept, frames) and the EFTS full-text search are free, with no API key, no registration, and no paid tier. Exceed 10 req/s and your IP gets an HTTP 403 and a roughly 10-minute block. For an LLM filing pipeline this is plenty for ingestion but means you build the throttle, not the vendor. Model the call budget with the Finance MCP Directory read-only servers that wrap EDGAR.
TL;DR
| Fact | Verified value |
|---|---|
| Rate limit | 10 requests/second per requester |
| Auth | None, no API key, no registration |
| Required header | User-Agent identifying you (name + email) |
| Cost | Free for all endpoints |
| Endpoints | submissions, companyfacts, companyconcept, frames, full-text search |
| Over-limit penalty | HTTP 403 + ~10-minute IP block |
The rate limit and the User-Agent requirement are the two facts that break most first pipelines. Everything else is a question of which endpoint answers your query.
The 10 requests/second fair-access limit
The SEC limits each requester to no more than 10 requests per second, "regardless of the number of machines used to submit requests."1 The policy has been in place since July 27, 2021, when the SEC began rate-controlling automated access to EDGAR. It is a fair-access rule, not a tiered quota: there is no paid tier that lifts it, and no key that exempts you.
In practice, a request loop with a sleep(0.1) between calls keeps you under the line. Production pipelines target 8 req/s to leave headroom for jitter and retries. A request flagged as part of an unclassified bot that exceeds the limit returns HTTP 403 Forbidden, and the originating IP is blocked for approximately 10 minutes, during which every request from that IP fails.2
For a batch filing-ingestion job, 8 req/s is roughly 28,800 requests/hour. A full-text search sweep plus targeted submissions and company-facts pulls for a few thousand tickers fits comfortably inside an overnight window at that rate.
The User-Agent requirement
The single mandatory header is User-Agent. The SEC requires automated tools to declare a descriptive User-Agent string identifying the requester; the documented format is a name and contact email, for example Sample Company [email protected].1 A missing or empty User-Agent is the most common cause of a 403 on an otherwise valid request: it is not the rate limit biting, it is the identification requirement.
The bare default User-Agent that urllib, requests, or a stock HTTP client sends is treated as an unclassified bot. Set the header explicitly on every request.
The endpoints that matter for an LLM pipeline
All structured EDGAR data is served from https://data.sec.gov/. The older full-text search runs separately on efts.sec.gov.3
| Endpoint | Path shape | Returns |
|---|---|---|
| Submissions | /submissions/CIK{10-digit}.json |
Filing history + metadata for a company |
| Company Facts | /api/xbrl/companyfacts/CIK{10-digit}.json |
All XBRL facts a company has reported |
| Company Concept | /api/xbrl/companyconcept/CIK{10-digit}/us-gaap/{Concept}.json |
One concept (e.g. Revenues) across periods |
| Frames | /api/xbrl/frames/us-gaap/{Concept}/{Unit}/CY{Year}.json |
One concept across all companies for a period |
| Full-text search | efts.sec.gov query API |
Keyword search across filing bodies |
The CIK in the path is zero-padded to 10 digits. Company Facts is the workhorse for fundamentals extraction: it returns every XBRL-tagged number a company has filed, which is the structured complement to running an LLM over the unstructured 10-K narrative. Frames flips the axis: one financial concept across every filer for a given period, useful for peer screens.
Real-time filings: polling, not push
EDGAR does not publish a true push API for new filings. The real-time mechanism is the filing-index RSS/Atom feeds plus the full-text search, both of which you poll. For a near-real-time 8-K monitor, poll the latest-filings feed on a fixed interval inside the 10 req/s budget. There is no webhook, and no SLA on feed latency: treat it as best-effort, not a guaranteed event stream.
Bulk data: when polling is the wrong tool
For large-scale historical work, the SEC publishes bulk data dumps rather than expecting you to crawl the API. Quarterly and full-history archives are available for download, which is the correct path for a one-time corpus build (e.g. every 10-K body since 2010). Crawling that volume request-by-request at 8 req/s would take days and risk the block; the bulk files are a single large download.
What EDGAR does and does not give you
EDGAR gives you, free: every filing every US public company has submitted, the XBRL-tagged financials, and full-text search across filing bodies. That is the entire raw-data foundation for an LLM filings pipeline at zero data cost.
It does not give you: cleaned/normalized fundamentals (you get raw XBRL tags, which require mapping), sentiment or insights, news, real-time push, or any non-US coverage. For normalized fundamentals or news you pair EDGAR with a commercial vendor: see Polygon.io's news API tiers and the budget-data comparison in Tiingo vs Polygon vs Finnhub.
Verified engine output
The block below runs the Finance MCP Directory engine filtered to read-only MCP servers: the safe category for an EDGAR-style ingestion pipeline, where no execution surface should exist. The Polygon.io read-only server is the highest-graded read-only option the engine tracks; the engine output is computed live from the shipped bundle, not typed by hand.
Decision guidance
- Building a filings RAG corpus once? Use the bulk data dumps, not the API.
- Monitoring new filings? Poll the index feeds + full-text search inside 8 req/s.
- Extracting one company's fundamentals? Company Facts in one call.
- Screening one metric across the market? Frames.
- Need normalized fundamentals or news? EDGAR is the free base; layer a paid vendor on top.
Connects to
- Finance MCP Directory: read-only MCP servers that wrap EDGAR and other data sources.
- Polygon.io News API Pricing 2026: the news layer EDGAR does not provide.
- Cheapest LLM for SEC Filings 2026: once you have the filing text, the model cost to extract from it.
- Tiingo vs Polygon vs Finnhub 2026: the normalized-fundamentals vendors that complement raw EDGAR.
References
Footnotes
-
U.S. Securities and Exchange Commission. "Webmaster Frequently Asked Questions." sec.gov, verified 2026-05-25. https://www.sec.gov/about/webmaster-frequently-asked-questions ↩ ↩2
-
U.S. Securities and Exchange Commission. "SEC to apply new rate control limits to EDGAR websites." sec.gov, verified 2026-05-25. https://www.sec.gov/filergroup/announcements-old/new-rate-control-limits ↩
-
U.S. Securities and Exchange Commission. "Accessing EDGAR Data" / "Developer Resources." sec.gov, verified 2026-05-25. https://www.sec.gov/about/developer-resources ↩
Verified engine output
Show the recompute-verified inputs and outputs
| scope | read-only |
|---|
| total | 7 |
|---|---|
| filtered | 3 |
| servers › row 1 › id | polygon-mcp |
| servers › row 1 › name | Polygon.io MCP Server |
| servers › row 1 › vendor | polygon |
| servers › row 1 › official | true |
| servers › row 1 › url | https://github.com/polygon-io/mcp-polygon |
| servers › row 1 › description | Official Polygon.io MCP server. Read-only access to all Polygon equities, options, crypto, FX data endpoints. |
| servers › row 1 › scope | read-only |
| servers › row 1 › auth | api-key |
| servers › row 1 › idempotency supported | false |
| servers › row 1 › transport | stdio+http |
| servers › row 1 › schema quality | A |
| servers › row 1 › license | Apache-2.0 |
| servers › row 1 › last commit | 2026-04-10 |
| servers › row 1 › capabilities › row 1 | stocks aggregates (daily / minute / sec / tick) |
| servers › row 1 › capabilities › row 2 | options chains |
| servers › row 1 › capabilities › row 3 | crypto trades + quotes |
| servers › row 1 › capabilities › row 4 | forex rates |
| servers › row 1 › capabilities › row 5 | news API |
| servers › row 1 › capabilities › row 6 | reference data |
| servers › row 1 › security notes › row 1 | Read-only scope — no trade execution surface |
| servers › row 1 › security notes › row 2 | API key required; safe to scope tightly |
| servers › row 1 › security notes › row 3 | No idempotency concern (no writes) |
| servers › row 1 › overall grade | A |
| servers › row 2 › id | databento-mcp |
| servers › row 2 › name | Databento MCP Server (community) |
| servers › row 2 › vendor | databento |
| servers › row 2 › official | false |
| servers › row 2 › url | https://github.com/databento-contrib/databento-mcp |
| servers › row 2 › description | Community-maintained Databento MCP server. Wraps historical + live data endpoints. Not endorsed by Databento; verify schemas against docs. |
| servers › row 2 › scope | read-only |
| servers › row 2 › auth | api-key |
| servers › row 2 › idempotency supported | false |
| servers › row 2 › transport | stdio |
| servers › row 2 › schema quality | B |
| servers › row 2 › license | MIT |
| servers › row 2 › last commit | 2026-03-28 |
| servers › row 2 › capabilities › row 1 | historical OHLCV |
| servers › row 2 › capabilities › row 2 | tick data (limited) |
| servers › row 2 › capabilities › row 3 | futures |
| servers › row 2 › capabilities › row 4 | symbology lookups |
| servers › row 2 › security notes › row 1 | Unofficial — review schema fidelity before production use |
| servers › row 2 › security notes › row 2 | Does not rate-limit; relies on Databento's server-side meter |
| servers › row 2 › security notes › row 3 | Billing tracked via Databento meter — test runs cost money |
| servers › row 2 › overall grade | C |
| servers › row 3 › id | tiingo-mcp |
| servers › row 3 › name | Tiingo MCP (community) |
| servers › row 3 › vendor | tiingo |
| servers › row 3 › official | false |
| servers › row 3 › url | https://github.com/community/tiingo-mcp |
| servers › row 3 › description | Community Tiingo MCP. Read-only access to EOD equities, news API, fundamentals, crypto. |
| servers › row 3 › scope | read-only |
| servers › row 3 › auth | api-key |
| servers › row 3 › idempotency supported | false |
| servers › row 3 › transport | stdio |
| servers › row 3 › schema quality | B |
| servers › row 3 › license | MIT |
| servers › row 3 › last commit | 2026-03-05 |
| servers › row 3 › capabilities › row 1 | EOD equities |
| servers › row 3 › capabilities › row 2 | intraday (limited tiers) |
| servers › row 3 › capabilities › row 3 | news |
| servers › row 3 › capabilities › row 4 | fundamentals |
| servers › row 3 › capabilities › row 5 | crypto |
| servers › row 3 › security notes › row 1 | Read-only — no execution risk |
| servers › row 3 › security notes › row 2 | Does not expose API key in responses |
| servers › row 3 › overall grade | C |
Computed live at build time.
Frequently asked questions
- Is the SEC EDGAR API free in 2026?
- Yes. The data.sec.gov REST APIs and full-text search are free with no API key, no registration, and no paid tier.
- What is the EDGAR API rate limit?
- 10 requests per second per requester, counted across all machines you use. It has been the policy since July 2021.
- Do I need an API key for EDGAR?
- No. The only requirement is a descriptive User-Agent header identifying you by name and email. A missing User-Agent is the most common cause of a 403.
- Does EDGAR push new filings in real time?
- No. There is no webhook or push API. You poll the filing-index feeds and full-text search; latency is best-effort with no SLA.
- Should I crawl the API or use bulk data for a full historical corpus?
- Use the bulk data dumps. Crawling the full archive request-by-request at the rate limit would take days and risk an IP block.