Frontegg rate limit policies

Frontegg applies rate limit policies on its APIs in order to protect your application and user management infrastructure, so your users will have a frictionless non-interrupted experience

Handling rate limits in code

Frontegg responds with HTTP Status Code 429 (Too Many Requests) when the rate limits exceed.
Your code logic should be able to handle such cases by checking the status code on the response and recovering from such cases.

If a retry is needed, it is best to allow for a back-off to avoid going into an infinite retry loop.

Limits for Frontegg workspaces

In some of the cases, the limits will be by IP address and in some of the cases, the limits will be by IP address.

Endpoint

Path

Limited by

Rate limit

Password reset request

/identity/resources/users/v1/passwords/reset

IP address

10 requests per minute

Password verification

/identity/resources/users/v1/passwords/reset/verify

IP address

10 requests per minute

MFA verification

/identity/resources/auth/v1/user/mfa/verify

IP address

10 requests per minute

MFA recovery

/identity/resources/auth/v1/user/mfa/recover

IP address

10 requests per minute

Magic link login

/identity/resources/auth/v1/passwordless/magiclink/prelogin
/identity/resources/auth/v1/passwordless/magiclink/postlogin

IP address

100 requests per minute

SSO prelogin

/identity/resources/auth/v2/user/sso/prelogin

IP address

100 requests per minute

User authentication

/identity/resources/auth/v1/user

IP address

100 requests per minute

Social login

/identity/resources/auth/v1/user/sso/google/postlogin
/identity/resources/auth/v1/user/sso/github/postlogin
/identity/resources/auth/v1/user/sso/microsoft/postlogin
/identity/resources/auth/v1/user/sso/facebook/postlogin

IP address

100 requests per minute

User sign up

/identity/resources/users/v1/signUp

IP address

5 requests per minute

API token authentication

/identity/resources/auth/v1/api-token

Workspace

100 per second


Did this page help you?