Does Okta support Rate Limiter?

We are using SCIM 2.0 in our application to provision user from Okta to our system. Okta calls some APIs to our server to create or update users in our system. Is it possible that we set Rate Limiter on our server and Okta sends the requests accordingly?

@vishal.variyani Hi,
Can you please find this reference and check if it helps?

Hello @Lijia,

The Okta documentation you provided does not seem to have any information about SCIM. The documentation seems to pertain to Okta APIs only. The question is around whether or not you guys will respect rate limits on the provisioning side. When you guys call out to OUR scim enabled APIs, you don’t seem to respect rate limit headers and 429 responses.

As per your docs in the link you provided:
“If any org-wide rate limit is exceeded, an HTTP 429 status code is returned. You can anticipate hitting the rate limit by checking Okta’s rate limiting headers.”

From my experience on the developer tier, you guys just keep hammering my SCIM API even after I respond with 429’s and appropriate rate limit headers. I tried using the same headers in my API that you guys use on your APIs - X-Rate-Limit-Limit, X-Rate-Limit-Remaining, and X-Rate-Limit-Reset - yet still you guys keep sending requests.

Two questions I’m hoping you can answer:

  1. Is there some other mechanism that we can build in our SCIM APIs for Okta to respect our rate limits
  2. If you guys don’t respect SCIM API rate limits by design, is there a plan to implement this in the future?

Thanks!

@Lijia I’m also very interested in this answer, and have experienced similar things as the commenter above.

May I ask again whether there are plans to respect the 429 response code from a SCIM 2.0 provisioning application? I’d also love to know the answer to these questions:

  1. Does the Okta API send multiple SCIM requests concurrently through the SCIM application, and if so, how many concurrent requests are sent?

  2. What is the normal request timeout? Meaning, how long does the Okta API give us to process the request before Okta’s API gives up on the request, or closes the connection?

Thank you!