Frontegg rate limit policies

Frontegg applies rate limit policies on its APIs in order to protect your application and user management infrastructure, so your users will have a frictionless non-interrupted experience

Handling rate limits in code

Frontegg responds with HTTP Status Code 429 (Too Many Requests) when the rate limits exceed.
Your code logic should be able to handle such cases by checking the status code on the response and recovering from such cases.

If a retry is needed, it is best to allow for a back-off to avoid going into an infinite retry loop.

Limits for Frontegg workspaces

In some of the cases, the limits will be by IP address and in some of the cases, the limits will be by vendor Id.

EndpointPathLimited byRate limit
Password reset request/identity/resources/users/v1/passwords/resetIP address10 requests per minute
Password verification/identity/resources/users/v1/passwords/reset/verifyIP address10 requests per minute
MFA verification/identity/resources/auth/v1/user/mfa/verifyIP address10 requests per minute
MFA recovery/identity/resources/auth/v1/user/mfa/recoverIP address10 requests per minute
Magic link login/identity/resources/auth/v1/passwordless/magiclink/prelogin
/identity/resources/auth/v1/passwordless/magiclink/postlogin
IP address100 requests per minute
SSO prelogin/identity/resources/auth/v2/user/sso/preloginIP address100 requests per minute
User authentication/identity/resources/auth/v1/userIP address100 requests per minute
Social login/identity/resources/auth/v1/user/sso/google/postlogin
/identity/resources/auth/v1/user/sso/github/postlogin
/identity/resources/auth/v1/user/sso/microsoft/postlogin
/identity/resources/auth/v1/user/sso/facebook/postlogin
IP address100 requests per minute
User sign up/identity/resources/users/v1/signUpIP address5 requests per minute
API token authentication/identity/resources/auth/v1/api-tokenWorkspace100 per second
Vendor Authentication/auth/vendorIP address30 per second
Invite userPOST /identity/resources/users/v1

POST /identity/resources/users/v2
IP address30 per minute