Upcoming Rate Limit Enforcement on Management API v2

On November 4, 2019, we announced changes made to rate limits (10 requests per minute per user) on Management APIv2 when requests are being made from Single Page Applications (SPAs).

Beginning November 4, 2020, if you exceed this limit, you’ll receive a response with HTTP Status Code 429 (Too Many Requests) as well as an entry in the tenant log.

What is changing?

After November 4, 2020, Management API v2 will only allow 10 requests per minute per user when requests are coming from SPAs. Requests in excess of this limit will receive a response with HTTP Status Code 429 (Too Many Requests) as well as an entry in the tenant log.

Why are we making this change?

Any request made through SPAs counts towards your Global Request Quota, in an effort to protect bandwidth for legitimate users access we’ve implemented rate limits for this use case.

What action do you need to take?

Action may be required to update your applications to reduce Management API requests with new logic. Resources are provided below to assist.

This action would be required prior to November 4, 2020 to ensure you do not experience errors once rate limit enforcement occurs.

Where do I go to get additional assistance?

We are here to help. Contact us by using the Auth0 Support Center or Auth0 Community.

Useful Resources

Rate Limit Policy For Auth0 APIs
Get Management API Tokens for Single-Page Applications

1 Like