Request: Can the /passwordless/start rate limit be increased for a Free tier tenant?

Hi - we’re running a membership site using Passwordless Email (OTP codes), and we’re consistently hitting the /u/login/passwordless-email-challenge and /passwordless/start rate limits during traffic spikes (especially when many members request login codes at once before events).

We’re on the Free tier, and understand the published guidance indicates a limit of ~50 requests/hour per IP. However, with legitimate users behind shared networks (mobile carriers, office networks, etc.), the limit is reached quickly and results in:

invalid_request: The rate limit for endpoint /u/login/passwordless-email-challenge was reached. Please retry after a few minutes.

We already have:

  • Email TTL increased to 15 minutes

  • Cooldowns and messaging to prevent repeated requests

  • Disabled database signups

  • Bot Detection enabled

  • DKIM/SPF/DMARC fully aligned

We’d like to know:

Is it possible to increase the rate limit for this endpoint on the Free tier, or is upgrading to a paid plan the only path?

If upgrading is required, which plan(s) allow higher passwordless OTP rate limits or relaxed throttling?

Any clarification or recommendations would be greatly appreciated — especially if there are best practices for scaling passwordless email flows during high-traffic windows.

Thank you!

Hi @RPMW360 and welcome to the Auth0 Community!

Please allow me some time to look into this matter, and I will get back to you with an answer as soon as possible.

Thank you!
Teodor.

Hi again @RPMW360!

Unfortunately, it’s not possible to increase the rate limits on the Free Tier. To increase rate limits, you will have to upgrade to the Enterprise plan and discuss the rate limits you require with our Sales team.

I hope this answers your question, and I wish you a great day!
Teodor.
