Skip to main content

Project Rate Limits

Ory Network enforces different rate limit policies based on the path of your request.

  1. /sessions/whoami: session checks
  2. /admin/oauth2/introspect: OAuth2 token introspection
  3. /relation-tuples/check: permission check
  4. GET /admin/identities: list identities
  5. *: everything else

Each of these policies incorporates two types of rate limits:

  1. The burst limit, which regulates the maximum number of requests per second, allowing brief spikes in request volume.
  2. The sustained limit, controlling the number of requests over a one-minute period.
Subscription PlanPath / Bucketburst (rps)sustained (rpm)
Develop/sessions/whoami15450
/admin/oauth2/introspect15450
/relation-tuples/check15450
GET /admin/identities110
*15450
Essentials/sessions/whoami801800
/admin/oauth2/introspect801800
/relation-tuples/check801800
GET /admin/identities10300
*40900
Scale/sessions/whoami80018000
/admin/oauth2/introspect80018000
/relation-tuples/check80018000
GET /admin/identities20600
*4009000
note

Looking for enterprise-grade rate limits? Everything's possible. Get in touch with us to discuss your requirements.