Notification about reaching M2M usage limit, but stats show only 4%

We’ve been on the free plan for some time now, and quite happily so. The 1000 monthly M2M auths are plenty for our purposes at the moment.
This morning, we got an email saying we’ve used 80% of our M2M auths this month. A few minutes later, an email saying we’ve used 90%. When I login though, the quote utilisation page says 37/1000 M2M auths used (4%). It looks like the email notifications are using a different maximum (40?) than the quota page. Obviously I don’t want our service to suddenly become unusable, so I’m wondering which of these is correct? How does this discrepancy even occur? Does anyone have any idea what’s going on?

Hey there!

Let me dive into this! Can you send me via private message here in the forum your tenant name and email address? Thank you!

So as it turns out we gave one of our partners M2M application access and his client has been hammering auth0 today. Due to this, our tenant can’t use any more M2M auth for the rest of the (still very long) month. I can’t find any way to rate limit or set quota for specific applications, meaning that if you have any external client with M2M access he can bring down auth for your whole organisation by using up your global quota. This seems like a very undesirable situation to me, which also applies to paid plans. Are there any plans of implementing per-application limits/quota so you can prevent 1 application from bringing down the entire organisation?

1 Like

Thank you for providing the context. I believe as of now we don’t offer such mechanisms but I’m researching our docs regarding this right now. In general here’s the rate limit policy: