Is there a way to throttle user creation from ManagementClient.createUser?

aburten · August 13, 2024, 1:41pm

Hello,

We’re doing some testing on throttling and attack prevention, and we found that the signups that are going through ManagementClient.createUser on 2.x NodeJS SDK are not being throttled.

We were trying to find any information on the throttling of Management API (which I assume is being called behind the scenes from ManagementClient.createUser function), but did not find definitive answer either.

Our settings:

Sign up Threshold - Maximum Attempts: 1
Sign up Threshold - Throttling Rate: 1

I assume that these settings will allow only one attempt per day to sign up, and all the others will be blocked.

tyf · August 13, 2024, 10:07pm

Hey there @aburten welcome to the community!

The settings you’ve referred to are in relation to the authentication pipeline (Universal Login) as opposed to the Management API, hence requests from the Node client not being throttled as it does use the Management API. Management API requests are subject to rate limits depending on subscription:

system · August 27, 2024, 10:07pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
429 - Too many requests Help auth0 , management-api , user-creation	2	8743	May 25, 2022
Global rate limit reached Help management-api , users	4	46	July 19, 2024
User Creation Slow Help user-creation	3	3320	July 26, 2019
How to increase rate limit of Management API? Help management-api , rate-limit , user-management , api-rate	2	7281	March 2, 2018
Where should I create ManagementClient instances...or should I just create users via client? (Node / React) Help nodejs , react , express	4	3074	August 13, 2021

Is there a way to throttle user creation from ManagementClient.createUser?

Related Topics