Limit Client requests on Machine to Machine flow

niall · April 4, 2023, 9:50am

Customer is looking to limit the number of token requests on a client by client basis. The intention is to ensure no single client can consume the rate limit for a particular api.

I can’t see any options to limit from the UI. I can see that M2M does trigger the Login flow, so I have options in Actions.
https://auth0.com/docs/customize/actions/flows-and-triggers/machine-to-machine-flow

This post talks to monitoring global endpoint usage.
https://community.auth0.com/t/how-to-tell-if-you-are-approaching-the-rate-limit/82103

What I don’t have is an approach to introducing a per client limit. Any thoughts here would be appreciated.

peter.fernandez · April 4, 2023, 3:49pm

Hi Niall,

So whilst there’s currently no specific product configurable limitations that can be applied to Auth0 M2M token allocations, we do have some guidance which we’ve developed for our customers that can help in a number of different scenarios (see attached). Hope this helps
Optimizing External M2M Token Reuse.pdf (301.0 KB)

niall · April 4, 2023, 3:50pm

Hi Peter. Thanks for the response. I’ll review the document and report back once I’ve had a chance to digest it.

Topic		Replies	Views
Machine to Machine Authentication Rate Limiting Get Help rate-limit	14	14265	May 29, 2020
Auth0 Free Plan Limit Get Help auth0 , api , management-api	1	4890	May 4, 2020
Auth0 Rate Limit /oauth/token endpoint - Custom actions or Hooks Get Help management-api , clients	10	1807	June 21, 2023
How to know how many and which m2m users have been requested? Get Help jwt , auth0 , api , m2m	10	5109	December 29, 2020
Machine to machine API token call limits Get Help	3	3060	December 24, 2020

Limit Client requests on Machine to Machine flow

Related topics