Is there a way to throttle user creation from ManagementClient.createUser?

aburten · August 13, 2024, 1:41pm

Hello,

We’re doing some testing on throttling and attack prevention, and we found that the signups that are going through ManagementClient.createUser on 2.x NodeJS SDK are not being throttled.

We were trying to find any information on the throttling of Management API (which I assume is being called behind the scenes from ManagementClient.createUser function), but did not find definitive answer either.

Our settings:

Sign up Threshold - Maximum Attempts: 1
Sign up Threshold - Throttling Rate: 1

I assume that these settings will allow only one attempt per day to sign up, and all the others will be blocked.

tyf · August 13, 2024, 10:07pm

Hey there @aburten welcome to the community!

The settings you’ve referred to are in relation to the authentication pipeline (Universal Login) as opposed to the Management API, hence requests from the Node client not being throttled as it does use the Management API. Management API requests are subject to rate limits depending on subscription:

system · August 27, 2024, 10:07pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.