Private Cloud Performance 6000 RPS (60x) and 6000 RPS (60x) Burst
See below for the rate limits in the Private Cloud Performance 6000 RPS (60x) and 6000 RPS (60x) Burst subscription types.
Therefore, we recommend deploying one tenant per private cloud environment for risk mitigation.
Rate limits for the Authentication API, API endpoints, and API endpoint groups in the Private Cloud Performance 6000 RPS (60x) subscription type.
API | Burst Request Limit | Sustained Request Limit | Peak Request Limit |
---|---|---|---|
Authentication API | 6000 | 6000/second | N/A |
Authentication API (60x Burst) | 3000 | 3000/second | 6000 Burst; 6000/second sustained |
Endpoint | Method | Burst Request Limit | Sustained Request Limit | Limit Type |
---|---|---|---|---|
User Info | GET , POST |
10 | 5/minute | To a unique User ID |
Change Password Reset Password with Universal Login |
POST |
10 | 1/minute | From an IP Address to a unique Email Address |
Get Passwordless Code or Link | GET , POST |
50 | 50/hour | From an IP Address |
Native Social Login (Apple / Facebook Only) | POST |
50 | 500/minute | Any Request for Apple or Facebook Native Social Login |
Dynamic Application (Client) Registration | POST |
5 | 5/second | Any request |
Universal Logout | POST |
1500 | 1500/second | Any request |
Pushed Authorization Requests (PAR) | POST |
100 | 100/second | From an IP Address |
Back-Channel authorize (CIBA) | POST |
500 | 500/minute | From an IP Address |
Device code activation (no prompt) | POST |
30 | 6/second | From an IP Address |
Device code authorization | POST |
5 | 5/second | From an IP Address |
MFA OOB token exchange | POST |
12 | 12/minute | To a unique session |
Rate limits for the Management API, API endpoints, and API endpoint groups in the Private Cloud Performance 6000 RPS (60x) subscription type.
API | Burst Request Limit | Sustained Request Limit |
---|---|---|
Management API | 3000 | 3000/second |
Endpoint | Method | Burst Request Limit | Sustained Request Limit | Limit Type |
---|---|---|---|---|
Read Organizations | GET |
600 | 6000/minute | Any request |
Read Organizations by ID | GET |
600 | 30000/minute | Any request |
Read Organizations by Name | GET |
1200 | 12000/minute | Any request |
Write an Organization | POST , PATCH , DELETE |
300 | 9000/minute | Any request |
Read Organization Members | GET |
2400 | 30000/minute | Any request |
Write Organization Members | POST , DELETE |
1200 | 12000/minute | Any request |
Read Members of an Organization | GET |
1200 | 12000/minute | Any request |
Read Organization Member Roles | GET |
1200 | 12000/minute | Any request |
Write Organization Member Roles | POST , DELETE |
1200 | 12000/minute | Any request |
Read Organization Connections | GET |
600 | 6000/minute | Any request |
Write Organization Connections | POST , PATCH , DELETE |
300 | 9000/minute | Any request |
Write Custom Domain | POST |
5 | 5/minute | Any request |
Write Status Connection | POST |
100 | 15/second | Any request |
Write Signing Keys | POST |
5 | 5/day | Any request |
Read Partials for a Prompt | GET |
5 | 5/minute | Any request |
Write Partials for a Prompt | PUT |
5 | 5/minute | Any request |
Read Clients
|
GET |
300 | 9000/minute | Any request |
Read Organization Client Grants | GET |
600 | 6000/minute | Any request |
Write Organization Client Grants | POST |
300 | 9000/minute | Any request |
Rate limits for the inbound SCIM API endpoints in the Private Cloud Performance 6000 RPS (60x) subscription type.
Limit Type | Endpoint Path | Operation | Limit |
---|---|---|---|
Single SCIM connection endpoint | /scim/v2/connections/{connection-id} |
Any request | 25 requests per second |
Global tenant limit for all SCIM connections | /scim/v2/connections/* |
Any request | 3000 requests per second |
Rate limits for the endpoints utilized for the Universal Login Authentication Flow for all subscription types.
Endpoint | Method | Burst Request Limit | Sustained Request Limit | Limit Type |
---|---|---|---|---|
Universal login prompts (global) | GET , POST |
500 | 500/minute | From an IP Address |
Universal login prompts (per prompt) | GET |
20 | 10/minute | From an IP Address |
Universal login prompts (per prompt) | POST |
10 | 5/minute | From an IP Address |
Password reset prompt | GET |
500 | 500/minute | From an IP Address |
MFA push enrollment prompt | GET , POST |
500 | 500/minute | From an IP Address |
MFA push challenge prompt | GET , POST |
500 | 500/minute | From an IP Address |
MFA SMS enrollment prompt | GET |
20 | 10/minute | From an IP Address |
MFA SMS enrollment prompt | POST |
10 | 5/minute | From an IP Address |
MFA SMS enrollment verify prompt | GET |
20 | 10/minute | From an IP Address |
MFA SMS enrollment verify prompt | POST |
10 | 5/minute | From an IP Address |
Passwordless SMS challenge prompt | GET , POST |
5 | 5/minute | From an IP Address |
Passwordless email challenge prompt | GET , POST |
5 | 5/minute | From an IP Address |
Phone verification enrollment prompt | GET , POST |
5 | 5/minute | From an IP Address |
Phone verification challenge prompt | GET , POST |
5 | 5/minute | From an IP Address |
Device code prompt | GET , POST |
5 | 5/second | From an IP Address |
Additional MFA rate limits.
Endpoint | Burst Request Limit | Sustained Request Limit | Limit Type | Limit |
---|---|---|---|---|
OTP (6 numeric digits) failures | 10 | 10 | per hour | To a unique User ID |
Recovery code failures | 10 | 10 | per hour | To a unique User ID |
Webauthn challenge failures | 15 | 15 | per minute | To a unique User ID |
Webauthn challenge generated | 15 | 15 | per minute | To a unique User ID |
Push notifications sent per user | 5 | 5 | per minute | To a unique User ID |
SMS sent per user | 10 | 1 | per hour | To a unique User ID |
Email sent per user | 20 | 1 | per minute | To a unique User ID |