Increase permitted limit of "Allowed Web Origins" and / or "Allowed Origins (CORS)"

Problem statement

We are developing a novel cloud-based service for our customers. But for this to work we would like to increase the “Allowed Web Origins” and “Allowed Origins (CORS)” limit of our application from 100 to 3000.

Is it possible to increase these limits?


The documentation clearly states that “Allowed Web Origins” and “Allowed Origins (CORS)” both have an upper limit of 100 instances.


For public cloud customers, both “Allowed Web Origins” and “Allowed Origins (CORS)” are limited to a maximum of 100 instances each. We are unable to permit any change to these thresholds,

The primary reason for enforcing these URL instance limits is to protect against latency issues. So even if we could grant you an increase to the upper threshold of “Allowed Web Origins” and “Allowed Origins (CORS)”, the performance of your application might be severely impacted.

Two possible workarounds might be compatible with your use case:

  1. You could consider using multiple Auth0 tenants as an alternative. This approach is sometimes used by customers who have many apps under many different top-level domain names, and want (or need) their Auth0 tenant’s custom domain names to match their app domain names.
  2. Consider partitioning your customers and using the same client_id only for up to 100 of them.

If you are a Private cloud customer, we might consider making an exception to this rule. In this case, open a support ticket, clearly describing business and technical reasons why you would like the upper threshold of “Allowed Web Origins” and “Allowed Origins (CORS)” to be increased. Clearly state what you would like the new upper limits to be and explain how you have arrived at that number. We will then review your case and under exceptional circumstances approve your request, but the acceptance is not guaranteed.