Authentication API: Rate limits for the Authentication API and API endpoints n the Private Cloud Basic 100 RPS (1x) subscription tier.
Authentication API: Rate limits for the Authentication API and API endpoints n the Private Cloud Basic 100 RPS (1x) subscription tier.
| Endpoint | Method | Burst Limit | Sustained Limit | Limit Type |
|---|---|---|---|---|
| Authentication API | — | 100 | 100/second | Global |
| User Info | GET, POST | 10 | 5/minute | Per User |
| Change Password / Reset Password | POST | 10 | 1/minute | Per IP + Email |
| Get Passwordless Code or Link | GET, POST | 50 | 50/hour | Per IP |
| Native Social Login (Apple / Facebook) | POST | 50 | 500/minute | Global |
| Dynamic Application Registration | POST | 5 | 5/second | Global |
| Universal Logout | POST | 35 | 35/second | Global |
| Pushed Authorization Requests (PAR) | POST | 100 | 100/second | Global |
| Back-Channel Authorize (CIBA) | POST | 500 | 500/minute | Global |
| Device Code Activation (no prompt) | POST | 30 | 6/second | Global |
| Device Code Authorization | POST | 5 | 5/second | Global |
| MFA OOB Token Exchange | POST | 12 | 12/minute | Global |
| Custom Token Exchange | POST | 15 | 15/second | Global |
| Write Token Exchange Profiles | POST, PATCH, DELETE | 5 | 100/second | Global |
| Read Token Exchange Profiles | GET | 20 | 200/second | Global |
| Delegation | POST | 10 | 1/minute | Global |
Management API: Rate limits for the Management API, API endpoints, and API endpoint groups in the Private Cloud Basic 100 RPS (1x) subscription.
Management API: Rate limits for the Management API, API endpoints, and API endpoint groups in the Private Cloud Basic 100 RPS (1x) subscription.
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| MGMT API Prod | — | 50 | 3,000/minute |
| Organizations Read | GET | 10 | 100/minute |
| User Organizations Read | GET | 40 | 500/minute |
| Organizations by Name Read | GET | 20 | 200/minute |
| Organizations Write | POST | 5 | 150/minute |
| Org Members Read | GET | 40 | 500/minute |
| Org Members Write | POST | 20 | 200/minute |
| Org Invitation Read | GET | 20 | 200/minute |
| Org Member Roles Read | GET | 20 | 200/minute |
| Org Member Roles Write | POST | 20 | 200/minute |
| Org Connections Read | GET | 10 | 100/minute |
| Org Connections Write | POST | 5 | 150/minute |
| Org Client Grants Read | POST | 10 | 100/minute |
| Org Client Grants Write | POST | 5 | 150/minute |
| Clients Read Q Query | GET | 5 | 150/minute |
| Extensions Read | GET | 5 | 150/minute |
| Token Exchange Profiles Read | POST | 20 | 200/minute |
| Token Exchange Profiles Write | POST | 5 | 100/minute |
| Users Search | GET | 50 | — |
| Users Write | POST | 30 | 1,000/minute |
| Effective Roles Read | GET | 10 | 100/minute |
| Effective Permissions Read | GET | 10 | 100/minute |
SCIM API: Rate limits for the inbound SCIM API endpoints in the Private Cloud Basic 100 RPS (1x) subscription type.
SCIM API: Rate limits for the inbound SCIM API endpoints in the Private Cloud Basic 100 RPS (1x) subscription type.
| Endpoint Path | Operation | Limit | |
|---|---|---|---|
| Single SCIM connection endpoint | /scim/v2/connections/{connection-id} | Any request | 25 requests per second |
| Global tenant limit for all SCIM connections | /scim/v2/connections/* | Any request | 100 requests per second |
Universal Login Flow Endpoints: Rate limits for the endpoints utilized for the Universal Login Authentication Flow for all subscription types.
Universal Login Flow Endpoints: Rate limits for the endpoints utilized for the Universal Login Authentication Flow for all subscription types.
| Endpoint | Method | Burst Request Limit | Sustained Request Limit |
|---|---|---|---|
| Universal login prompts (global) | GET, POST | 500 | 500/minute |
| Universal login prompts (per prompt) | GET | 20 | 10/minute |
| Universal login prompts (per prompt) | POST | 10 | 5/minute |
| Password reset prompt | GET | 500 | 500/minute |
| MFA push enrollment prompt | GET, POST | 500 | 500/minute |
| MFA push challenge prompt | GET, POST | 500 | 500/minute |
| MFA SMS enrollment prompt | GET | 20 | 10/minute |
| MFA SMS enrollment prompt | POST | 10 | 5/minute |
| MFA SMS enrollment verify prompt | GET | 20 | 10/minute |
| MFA SMS enrollment verify prompt | POST | 10 | 5/minute |
| Passwordless SMS challenge prompt | GET, POST | 5 | 5/minute |
| Passwordless email challenge prompt | GET, POST | 5 | 5/minute |
| Phone verification enrollment prompt | GET, POST | 5 | 5/minute |
| Phone verification challenge prompt | GET, POST | 5 | 5/minute |
| Device code prompt | GET, POST | 5 | 5/second |
Additional MFA rate limits: Additional MFA rate limits.
Additional MFA rate limits: Additional MFA rate limits.
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| Global Guardian by Tenant | — | 50 | — |
My Organization API
My Organization API
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| Global Limit | — | 20 | — |
Server API
Server API
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| Global Protection by Tenant | — | 100 | — |
| Global by Prod Tenant | — | 100 | — |
| Authorize (Prod) | — | 100 | — |
| Authorize (Dev) | — | 50 | — |
| Token Revocation (Prod) | POST | 35 | — |
| OAuth Custom Token Exchange | POST | 15 | — |
| ROPG (Prod) | POST | 55 | — |
| Token Vault Global | — | 50 | — |
DX Flows API
DX Flows API
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| Global Limit | — | 100 | — |
VC API Verifier
VC API Verifier
| Endpoint | Method | Burst Limit (RPS) | Sustained Limit (RPM) |
|---|---|---|---|
| Outer Create | POST | 10 | — |
| Outer Get | GET | 120 | — |
| Inner All | — | 30 | — |
| Conf All | — | 20 | — |