M2m Token - 'Authenticated Call'


So I’m representing IDT. We are looking to move to a professional plan shortly as our application is getting ready to start scaling.

However we hit the Quota limit on ‘Authenticated Calls’ according to our plan details. It’s a bit unclear what is considered and Authenticated call.

The reason we ask this is because if our developer is hitting this page 1000 times a month simply during development - we will burn through our quota very quickly. I am not writing this code, but I am advising the developer.

Can we say cache tokens at the server level and reduce the count a bit? Or is a call any time a m2m communication occurs? The answer to this question will inform how we develop, so it’s important we can get a clear answer on when something uses a token or when something does not.


Hi there @bryan.winter, welcome to the community!

Any time a client secret is included in a call it is considered Authenticated.

Some sort of caching mechanism on the developers end could help mitigate this. The idea would be for the OAuth2 client to check for a M2M token before calling the /token endpoint to obtain a new one.

Authentication API Endpoint Rate Limits for reference:

Hopefully this helps to clear things up a bit, but let us know if you have any follow up questions!

1 Like

Thanks and yes, my boss also found this a few hours after I asked the question, so I think that clears up it up a bit. I think we got a path going forward.

Thanks again!

1 Like

Happy to help! Thanks for confirming :smile:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.