Rate Limits 429 errors

Problem Statement

We are struggling with a random error code 429 for exceeding rate limits in calling the /userinfo endpoint. How can we resolve this?

Errors in the tenant logs or HAR file

  {
    "type": "api_limit",
    "description": "You passed the limit of allowed calls to `/userinfo` with the same user."
  }

Solution

All Auth0 services have built-in rate limiting and automated blocking features to mitigate advanced denial-of-service or authentication attacks. The Auth0 network infrastructure is protected against volumetric attacks by its cloud providers, in addition to a dedicated DDoS mitigation service. To protect the platform further, the Auth0 system also imposes rate limits on API and database calls.

Please review our Rate Limits Policy. The most important part of our policy is that you should handle rate limits via your own code.

You can read more information about specific rate limits here:

To avoid 429 errors from the /userinfo endpoint, consider requesting an id_token instead of calling /userinfo to get information about the user; the token then serves as a cache of that information. A second, somewhat less attractive alternative is to cache the data returned by your /userinfo call so that fewer API calls are made.
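As an added example of the caching alternative above (not Auth0's own code), here is a small Python wrapper that caches /userinfo results per access token, serves a stale entry when Auth0 answers 429, and otherwise surfaces the Retry-After value so the caller can back off instead of retrying immediately. The `fetch` callable and the fake Auth0 transport are assumptions constructed for the demo.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Assumed shape of an HTTP response: (status_code, headers, json_body).
Response = Tuple[int, Dict[str, str], dict]


class RateLimited(Exception):
    """Raised when /userinfo returned 429 and no cached entry exists."""
    def __init__(self, retry_after: float):
        super().__init__(f"rate limited, retry after {retry_after:.0f}s")
        self.retry_after = retry_after


@dataclass
class UserInfoCache:
    fetch: Callable[[str], Response]   # performs the real GET /userinfo with a bearer token
    ttl: float = 300.0                 # seconds a cached profile stays fresh
    clock: Callable[[], float] = time.time
    _entries: Dict[str, Tuple[float, dict]] = field(default_factory=dict)

    def get(self, access_token: str) -> dict:
        now = self.clock()
        hit = self._entries.get(access_token)
        if hit and hit[0] > now:
            return hit[1]              # fresh entry: no call to Auth0 at all
        status, headers, body = self.fetch(access_token)
        if status == 200:
            self._entries[access_token] = (now + self.ttl, body)
            return body
        if status == 429:
            if hit:
                return hit[1]          # expired but usable: prefer stale data over failing
            raise RateLimited(float(headers.get("Retry-After", "1")))
        raise RuntimeError(f"/userinfo returned HTTP {status}")


def make_fake_userinfo(limit: int) -> Callable[[str], Response]:
    """Constructed stand-in for Auth0: answers 429 after `limit` calls per token."""
    calls: Dict[str, int] = {}

    def fetch(token: str) -> Response:
        calls[token] = calls.get(token, 0) + 1
        if calls[token] > limit:
            return 429, {"Retry-After": "5"}, {"type": "api_limit"}
        return 200, {}, {"sub": f"auth0|{token}", "email": f"{token}@example.com"}

    return fetch
```

In production, replace `make_fake_userinfo` with a function that issues the real HTTPS request and returns the status, headers and parsed JSON body in the same tuple shape.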

You can read more information about how to retrieve an id_token here.