"You have exceeded the amount of SMSs per hour"


We seem to get a “You have exceeded the amount of SMSs per hour” now and again when we have MFA enabled for our account, even though we have a small number of users on Auth0 currently. How can we remedy that?


Allan Beaufour

Hi Allan, there’s a hard limit of 10 SMSs per user per hour and this is non-configurable: https://auth0.com/docs/mfa/references/troubleshoot-mfa#sms-message-rate-limits

Under normal circumstances a user wouldn’t need to do it that many times. Do you have a use case where the user may try this 10+ times an hour? If so I’d recommend switching to a different MFA factor like TOTP.

We have had it happen at least twice now, where the user has not received a single SMS and yet they get this error message. So there must be something wrong somewhere, and it is obviously blocking users from signing in. How can we figure out what is going wrong?

You can first check the Auth0 logs to see if there are any logs indicating a failure sending the SMS. These logs would be of the type gd_send_sms_failure (see here).

If there’s none, you can check Twilio logs to see if there’s any indication of failures. (I assume you are using your own Twilio account, since the built-in one is meant for testing only and not for production purposes)

1 Like

I completely missed that you had to add your own Twilio account. That little (!) didn’t adequately get my attention it seems :slight_smile: I set that up, and I would assume the problem is solved now.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.