Over the past months, many of you have experienced periods of slowness and occasional service interruptions on Zenodo. We would like to explain the current situation and outline the steps we are taking to address it.

Increased traffic and automated access

Zenodo traffic has increased significantly, not only from human users but also from automated systems, including bots, harvesters for AI and people using AI. These systems generate a sustained and aggressive load on the platform. Many of these automated systems do not respect our rate limits and actively try to circumvent them, creating additional strain. On average, we now observe around 180 requests per second. At peak times during working hours, this can easily reach 250 requests per second and more. The current Zenodo infrastructure was designed based on the traffic patterns observed during the migration to the next-generation platform, InvenioRDM, in 2023, when the load was lower and more predictable.

This affects both browsing and file transfers, resulting in slower uploads and downloads, as well as occasional unavailability. Basic mitigation techniques such as blocking and rate limiting are no longer sufficient on their own. More advanced traffic management and protection mechanisms are required, together with infrastructure upgrades.

Planned improvements

In the coming weeks, we will progressively upgrade the platform and deploy additional mitigation measures to better handle the increased load and reduce the impact of abusive or malicious traffic. These changes will be rolled out step by step in order to preserve service continuity.

During this period, we kindly ask for your patience. At the moment, support requests related to performance issues or temporary slowness are difficult to address individually, as the root causes are already identified and are being handled at the infrastructure level.

As Zenodo grows, our support team is receiving more support requests than ever. While we work through these requests, the fastest way to find a solution is often through our Help Portal and FAQs. We've designed these resources to give you instant answers to common questions so you can get back to your research without the wait.

We will keep you informed of major developments and improvements as they are deployed.

As always, Zenodo remains committed to its core mission of supporting open science, reserving research outputs, and providing reliable access to research for the global community. Ensuring that research remains open, accessible, and reusable continues to guide our technical and operational decisions.

Thank you for your understanding and for your continued use of Zenodo.

As Zenodo continues to grow, we're taking steps to keep the service fast and reliable for everyone. Over the past year, we've seen a sharp rise in aggressive and covert harvesting activity targeting our search endpoints, and often at volumes that disrupt normal use. Our team has been blocking misbehaving clients on an almost daily basis to maintain stability for researchers who rely on Zenodo for browsing, searching, and depositing their work. As these attacks have intensified, we're introducing new rate limits on our records search API to help protect the platform and ensure fair access for all users.

What's changing?

Starting today, we're enforcing the following limits on our records search endpoints:

• Page sizes: Maximum 25 results per page for anonymous requests, 100 results per page for authenticated requests
• Request frequency: Maximum 30 requests per minute (for both anonymous and authenticated users)

These limits ensure that Zenodo remains responsive for everyone. The higher page limit for authenticated requests also allows us to contact users if we notice usage patterns that our other APIs could better serve.

Why these changes?

Our infrastructure prioritizes researchers who are searching, browsing, and discovering content on Zenodo. But we've seen automated systems request very large amounts of data very quickly (up to 500 requests per second), which uses up resources and slows things down for everyone else.

After analysing current access patterns, we designed these new limits to accommodate typical use cases. If you're just searching for related work, browsing records, or managing your community, you won't notice a difference.

Better alternatives for bulk data access

If you've built scripts, applications, or integrations using the search API for bulk harvesting, or need large amounts of Zenodo metadata (to build indexes, perform analysis, or keep external systems synchronized), we highly recommend using the following methods:

• OAI-PMH: A standardized protocol for harvesting metadata and keeping systems synchronized with repositories like Zenodo. It supports incremental updates (only fetching what's new or changed), filtering by community, and multiple metadata formats. OAI-PMH delivers 50 records per page and has the same 30 requests per minute limit.
• Metadata dumps: Monthly exports of all Zenodo metadata that you can download and process on your own systems. This is the most efficient way to access bulk metadata, especially if you need to analyze large portions of Zenodo's content. The dumps are available in DataCite XML and JSON formats.

Looking ahead

We're working to scale Zenodo sustainably while keeping the service responsive and user-friendly. We'll closely monitor how these changes perform and make adjustments if needed. As the threat landscape is evolving rapidly, we are very likely to introduce further mitigation measures in the future.

If you have questions regarding these changes, or need help transitioning to OAI-PMH or metadata dumps, please contact our support team.

Zenodo and Software Heritage, through the EU-funded FAIRCORE4EOSC project, have launched a new integration. In order to fulfill the promise of an interconnected and interoperable academic ecosystem, research software infrastructures should support the archiving of source code within the universal source code archive, contributing to the global software commons. This integration ensures that software source code deposited in Zenodo is automatically archived in Software Heritage. It implements the recommendations from the EOSC Scholarly Infrastructures for Research Software report:

“In the 21st century, many research activities use computing systems to monitor their experiments, to visualise or analyse their results, or to check hypotheses through simulation.It has therefore become essential to archive, preserve and share research software.”

“Over the past decade, awareness has been raised about the importance of software in the scholarly world. Several infrastructures have started to be built, or adapted, to address some of the following key challenges that need to be tackled to put software on equal footing with other research outputs in the scholarly world:

• Archiving software to ensure research software artifacts are not lost.
• Referencing software to ensure research artifacts can be precisely identified.
• Describing software to easily discover and identify research software artifacts.
• Crediting all authors to ensure their contributions are recognized.”

Zenodo: Research software + Versioning + GitHub

Zenodo has long had a strong focus on supporting research software. Since 2014 Zenodo has an integration with GitHub that enables researchers to easily archive research software in GitHub into Zenodo. Upon deposit of the research software in Zenodo (either from GitHub or directly in Zenodo), the researcher would obtain a DOI (Digital Object Identifier) which would facilitate the persistent identification of software and support researchers in adopting the Software Citation Principles, in particular in citing research software papers. The Zenodo versioning feature further enabled both the citation of individual snapshots of software vs. citing a software project as a whole. Today, Zenodo is the largest minter of software DOIs and is able to track citations to software independently of which persistent identifier was used in the citation.

Integration with Software Heritage

The new integration between Zenodo and Software Heritage enhances the capabilities to archive, reference, describe, and cite research software artifacts. Most of the process occurs behind the scenes, ensuring seamless and transparent software archiving for researchers, regardless of their workflow.

Figure 1 - Zenodo record for a software deposit showing that it has been archived in Software Heritage in the bottom right corner.

When a researcher deposits software in Zenodo, the software will be automatically sent to Software Heritage (if the files are publicly accessible). Zenodo then obtains the associated Software Hash Identifier (SWHID), links it with the DOI, and displays it on the record landing page. The DOI integrates with the scholarly publishing ecosystem, while the SWHID provides direct access to the archived source code, including the full version history. This bi-directional linking ensures interoperability between two key identifiers for research software.

Figure 2 - The corresponding Zenodo software record in Software Heritage.

In addition to archiving software in Software Heritage, Zenodo has enhanced the upload form with software-specific fields, such as programming languages and repository URLs on top of our already existing fields such as the SPDX license field. We’ve also added support for CodeMeta and Citation File Format export formats.

What’s next?

While the core integration with Software Heritage has launched, further backend improvements are planned for the coming six months, primarily aimed at improving interoperability. Additionally, this integration will be fully incorporated into InvenioRDM, making it easier for other repositories, such as institutional ones, to integrate with Software Heritage.

This work was funded by the European Commission through grant agreement no. 101057264 (FAIRCORE4EOSC).