Frontegg rate limit policies
Frontegg applies rate limit policies to its APIs to protect your application and user management infrastructure, so that your users have a frictionless, uninterrupted experience.
Handling rate limits in code
Frontegg responds with HTTP status code 429 (Too Many Requests) when a rate limit is exceeded.
Your code should handle this case by checking the status code of each response and recovering when it is 429.
If a retry is needed, it is best to back off between attempts to avoid going into an infinite retry loop.
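One way to implement the handling described above, as an added example rather than Frontegg's own code: a bounded retry loop that retries only on 429, waits with capped exponential backoff and jitter, and gives up after a fixed number of attempts. The names `call_with_backoff`, `backoff_delay`, `RateLimited` and the `send` callable are hypothetical, and the use of a `Retry-After` header is an assumption, since the page does not say whether Frontegg sends it.

```python
import random
import time


class RateLimited(Exception):
    """Raised when the retry budget is spent and the API still answers 429."""


def backoff_delay(attempt, retry_after=None, base=0.5, cap=30.0, rng=random.random):
    """Seconds to wait before retry number `attempt` (0-based).

    Exponential backoff with jitter, capped at `cap`. A numeric Retry-After
    value (assumption: the page does not say this header is sent) acts as a
    lower bound when present.
    """
    delay = rng() * min(cap, base * (2 ** attempt))
    try:
        hinted = float(retry_after)
        if hinted >= 0:
            delay = max(delay, min(hinted, cap))
    except (TypeError, ValueError):
        pass  # header absent or not a number: keep the computed delay
    return delay


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() -> (status, headers, body) and retry only on HTTP 429."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body  # success or a non-rate-limit error: no retry
        if attempt < max_attempts - 1:
            sleep(backoff_delay(attempt, headers.get("Retry-After"), rng=rng))
    # Bounded attempts: this is what prevents an infinite retry loop.
    raise RateLimited(f"still rate limited after {max_attempts} attempts")


def demo():
    """Constructed transport: two 429 responses, then a 200."""
    replies = iter([(429, {}, ""), (429, {"Retry-After": "2"}, ""), (200, {}, "ok")])
    waits = []  # records the delays instead of actually sleeping
    result = call_with_backoff(lambda: next(replies), sleep=waits.append, rng=lambda: 1.0)
    return result, waits


if __name__ == "__main__":
    print(demo())
```

In real use, `send` wraps the HTTP call to the Frontegg endpoint and returns the response status, headers and body.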
Limits for Frontegg workspaces
Some limits are applied per IP address and others per vendor ID.
Endpoint | Path | Limited by | Rate limit |
---|---|---|---|
Password reset request | /identity/resources/users/v1/passwords/reset | IP address | 10 requests per minute |
Password verification | /identity/resources/users/v1/passwords/reset/verify | IP address | 10 requests per minute |
MFA verification | /identity/resources/auth/v1/user/mfa/verify | IP address | 10 requests per minute |
MFA recovery | /identity/resources/auth/v1/user/mfa/recover | IP address | 10 requests per minute |
Magic link login | /identity/resources/auth/v1/passwordless/magiclink/prelogin /identity/resources/auth/v1/passwordless/magiclink/postlogin | IP address | 100 requests per minute |
SSO prelogin | /identity/resources/auth/v2/user/sso/prelogin | IP address | 100 requests per minute |
User authentication | /identity/resources/auth/v1/user | IP address | 100 requests per minute |
Social login | /identity/resources/auth/v1/user/sso/google/postlogin /identity/resources/auth/v1/user/sso/github/postlogin /identity/resources/auth/v1/user/sso/microsoft/postlogin /identity/resources/auth/v1/user/sso/facebook/postlogin | IP address | 100 requests per minute |
User sign up | /identity/resources/users/v1/signUp | IP address | 5 requests per minute |
API token authentication | /identity/resources/auth/v1/api-token | Workspace | 100 per second |
Vendor Authentication | /auth/vendor | IP address | 30 per second |
Invite user | POST /identity/resources/users/v1 POST /identity/resources/users/v2 | IP address | 30 per minute |
Get users (DEPRECATED) | GET /identity/resources/users/v2 | IP address | 30 per minute |