REST API rate limit

lahiruchandima · December 3, 2021, 7:22am

This page specifies the rate limits that are applied to REST API calls.

What will happen to requests sent after breaching the rate limit?

I have to call the Okta primary authentication endpoint in my application. Is it possible to set a lower rate limit for any requests made for a particular user, so the endpoint rate limit is not breached if endpoint is called rapidly for a single user, so any requests made for other users will not be affected?

phi1ipp · December 3, 2021, 2:36pm

Requests above rate limit will get 429 response from Okta. It’s described in the documentation.
What you are describing is called ‘Client Rate Limit’, and it’s currently only configurable for /authorize and /login/login.html endpoints. Not sure if /authn is in the roadmap.

Any insights from Okta folks? @andrea

andrea · December 3, 2021, 4:12pm

Far as I know, the two you listed are the only ones it applies to at this time.

Post		Replies	Views
Client based rate limits not enforced Questions	3	3133	June 24, 2021
How to enforce Client-Based Rate Limiting for OAuth Service Clients (Client Credentials Grant) in Okta? OAuth/OIDC	3	1968	February 15, 2024
Per-user limits change API	2	2249	December 2, 2022
Clarification on rate limits API	2	2153	November 22, 2022
Is there a control on how many un-authorized OIDC token request would be allowed before blocking the client OAuth/OIDC api , oauth	2	42	December 5, 2024

REST API rate limit

Related topics