Getting rate limitted for /passwordless/start quickly

Problem statement

We are calling the /passwordless/start endpoint from our backend using the client secret, but we are still getting rate limited with 50 reqs/minute per IP limit. Could you check what is going on?


The application used for the /passwordless/start had the Authentication method set to None, even though the application type was correctly set as a regular web app.


The following two conditions should be met for the extended rate limits to apply.

  1. /passwordless/start should be called with the client secret.
  2. The application used for this call has to be configured as a regular web application, and the authentication method in the Credentials tab should be set to any option other than None . Setting None indicates that the app is public, and then the reduced rate limits apply.