Problem statement
When calling the /passwordless/start endpoint from our backend using the client secret, requests are rate limited at the 50 requests/minute per IP limit. Why might this be happening?
The attempt at passwordless login fails, with the following error:
Error code 429 - Too Many Requests
Symptoms
The passwordless login attempt fails with the following error: "Error code 429 - Too Many Requests".
Cause
The application used for the /passwordless/start call had the Authentication method set to None, even though the application type was correctly set as a regular web app.
Solution
Both of the following conditions must be met for the extended rate limits to apply:
- /passwordless/start must be called with the client secret.
- The application used for this call must be configured as a regular web application, and the authentication method in the Credentials tab must be set to any option other than None. Setting None marks the app as public, and the reduced rate limits then apply.
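The two conditions above can be checked before deploying a backend that calls /passwordless/start. The following is an added example, not code from the original article or from Auth0. It assumes the application's settings are available as a dictionary whose `app_type` and `token_endpoint_auth_method` fields mirror the dashboard's application type and Credentials tab authentication method; the tenant domain, client ID, secret and sample settings are constructed placeholders.

```python
def build_start_request(domain, client_id, client_secret, email):
    """Build the URL and JSON body for a backend call to /passwordless/start."""
    url = f"https://{domain}/passwordless/start"
    body = {
        "client_id": client_id,
        "client_secret": client_secret,  # condition 1: secret is sent
        "connection": "email",
        "email": email,
        "send": "code",
    }
    return url, body


def extended_limit_problems(client, body):
    """List the reasons a call would fall under the reduced (public) limits."""
    problems = []
    if not body.get("client_secret"):
        problems.append("request body has no client_secret")
    # Assumed field names and values for the application settings.
    if client.get("app_type") != "regular_web":
        problems.append("application is not a regular web application")
    if client.get("token_endpoint_auth_method") == "none":
        problems.append("authentication method is None (public application)")
    return problems


# Constructed sample settings: the misconfiguration described under Cause,
# and the same application after the fix.
MISCONFIGURED = {"app_type": "regular_web", "token_endpoint_auth_method": "none"}
FIXED = {"app_type": "regular_web", "token_endpoint_auth_method": "client_secret_post"}

if __name__ == "__main__":
    url, body = build_start_request(
        "tenant.example.com", "CLIENT_ID_PLACEHOLDER",
        "CLIENT_SECRET_PLACEHOLDER", "user@example.com",
    )
    for name, client in (("misconfigured", MISCONFIGURED), ("fixed", FIXED)):
        print(name, extended_limit_problems(client, body) or "extended limits apply")
```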