We are calling the /passwordless/start endpoint from our backend using the client secret, but we are still getting rate limited with 50 reqs/minute per IP limit. Could you check what is going on?
The application used for the /passwordless/start had the Authentication method set to None, even though the application type was correctly set as a regular web app.
The following two conditions should be met for the extended rate limits to apply.
- /passwordless/start should be called with the client secret.
- The application used for this call has to be configured as a regular web application, and the authentication method in the Credentials tab should be set to any option other than None . Setting None indicates that the app is public, and then the reduced rate limits apply.