WorkOS APIs are rate limited to ensure that they are fast for everyone. If you find yourself getting 429 errors, double check your integration to make sure you aren’t making unnecessary requests.
| Name | Path | Limit |
|---|---|---|
| All requests | * | 6,000 requests per 60 seconds per API key |
This rate limit applies to all environments, staging and production. Exceptions to the general rate limit are listed below.
Authenticated API requests are counted per API key, not per source IP address. Spreading requests across multiple IP addresses does not increase your effective limit.
| Name | Path | Limit |
|---|---|---|
| Get Authorization URL | /sso/authorize | 1,000 requests per 60 seconds per connection |
| Name | Path | Limit |
|---|---|---|
| Directory Users | /directory_users | 4 requests per second per directory |
| Name | Path | Limit |
|---|---|---|
| Delete Organization | /organizations/* | 50 requests per 60 seconds per API key |
Rate limiting for AuthKit APIs are enforced on a per environment basis.
| Name | Path | Limit |
|---|---|---|
| Reads | /user_management/* | 1,000 requests per 10 seconds |
| Writes | /user_management/* | 500 requests per 10 seconds |
| Authentication | /user_management/authenticate | 10 requests per 60 seconds per email or challenge ID |
| Magic Auth | /user_management/magic_auth/send | 3 requests per 60 seconds per email |
| Email verification | /user_management/:id/email_verification/send | 3 requests per 60 seconds per user |
| Password reset | /user_management/password_reset/send | 3 requests per 60 seconds per email |
| Name | Limits |
|---|---|
| Reads | 1,000 requests per 10 seconds |
| Writes | 500 requests per 10 seconds |
| SSO sign-ins | 3 requests per 60 seconds per IP address |
| Email sign-ins | 10 requests per 60 seconds per email and IP address |
| Magic Auth sign-ins | 10 requests per 60 seconds per IP address and challenge ID |
| Magic Auth code requests | 3 requests per 60 seconds per IP address and email |
Admin Portal Continue to the next section
Up next