Rate Limit Policies

Frontegg applies rate limit policies on its APIs in order to protect your application and user management infrastructure, so your users will have a frictionless non-interrupted experience

Handling rate limits in code

Frontegg responds with HTTP Status Code 429 (Too Many Requests) when the rate limits exceed.
Your code logic should be able to handle such cases by checking the status code on the response and recovering from such cases.

If a retry is needed, it is best to allow for a back-off to avoid going into an infinite retry loop.

Limits for Frontegg workspaces

In some of the cases, the limits will be by IP address and in some of the cases, the limits will be by vendor Id.

EndpointPathLimited byRate limit
Password reset request/identity/resources/users/v1/passwords/resetIP address10 requests per minute
Password verification/identity/resources/users/v1/passwords/reset/verifyIP address10 requests per minute
MFA verification/identity/resources/auth/v1/user/mfa/verifyIP address10 requests per minute
MFA recovery/identity/resources/auth/v1/user/mfa/recoverIP address10 requests per minute
Magic link login/identity/resources/auth/v1/passwordless/magiclink/prelogin
/identity/resources/auth/v1/passwordless/magiclink/postlogin
IP address100 requests per minute
SSO prelogin/identity/resources/auth/v2/user/sso/preloginIP address100 requests per minute
User authentication/identity/resources/auth/v1/userIP address100 requests per minute
Social login/identity/resources/auth/v1/user/sso/google/postlogin
/identity/resources/auth/v1/user/sso/github/postlogin
/identity/resources/auth/v1/user/sso/microsoft/postlogin
/identity/resources/auth/v1/user/sso/facebook/postlogin
IP address100 requests per minute
User sign up/identity/resources/users/v1/signUpIP address5 requests per minute
API token authentication/identity/resources/auth/v1/api-tokenEnvironment100 per second
OAuth Token Request/identity/resources/oauth/tokenEnvironment 500 per minute
Vendor Authentication/auth/vendorIP address30 per second
Invite userPOST /identity/resources/users/v1

POST /identity/resources/users/v2
IP address30 per minute
Get users (DEPRECATED)GET /identity/resources/users/v2IP address30 per minute
Identity management configurationPOST /identity/resources/configurations/v1Vendor20 per minute
Update main authentication strategyPOST /identity/resources/configurations/v1/auth/strategies/mainVendor 10 per minute
Update secondary authentication strategyPOST /identity/resources/configurations/v1/auth/strategies/secondaryVendor10 per minute
Update SSO configurationPOST /identity/resources/sso/v1Vendor10 per minute
Activate SSO configurationidentity/resources/sso/v1/:type/activateVendor10 per minute
Deactivate SSO configurationPOST /identity/resources/sso/v1/:type/deactivateVendor10 per minute
Update SSO configurationPOST /identity/resources/sso/v2Vendor10 per minute
Activate SSO configurationPOST /identity/resources/sso/v2/:type/activateVendor10 per minute
Deactivate SSO configurationPOST /identity/resources/sso/v2/:type/deactivateVendor10 per minute
Create custom SSO configurationPOST /identity/resources/sso/custom/v1Vendor10 per minute
Update custom SSO configurationPATCH /identity/resources/sso/custom/v1/:idVendor10 per minute
Delete custom SSO configurationDELETE /identity/resources/sso/custom/v1/:idVendor10 per minute
Delete user DELETE identity/resources/users/v1/:userIdIP Address30 per minute
SSO groups configurationidentity/resources/sso/v1/configurations/:configurationId/groups/:groupIdeVendor100 per minute