Skip to main content

Project Rate Limits

Ory Network enforces different rate limit policies based on the environment of your project and the path of your request.

  1. /sessions/whoami: session checks
  2. /admin/oauth2/introspect: OAuth2 token introspection
  3. /relation-tuples/check: permission check
  4. GET /admin/identities: list identities
  5. *: everything else

Each of these policies incorporates two types of rate limits:

  1. The burst limit, which regulates the maximum number of requests per second, allowing brief spikes in request volume.
  2. The sustained limit, controlling the number of requests over a one-minute period.

Developer Plan Rate Limits

EnvironmentPath / Bucketburst (rps)sustained (rpm)
Developer/sessions/whoami10300
/admin/oauth2/introspect10300
/relation-tuples/check10300
GET /admin/identities110
*5150

Production Plan Rate Limits

EnvironmentPath / Bucketburst (rps)sustained (rpm)
Production/sessions/whoami801800
/admin/oauth2/introspect801800
/relation-tuples/check801800
GET /admin/identities10300
*40900
Staging /sessions/whoami1030
/admin/oauth2/introspect10300
/relation-tuples/check10300
GET /admin/identities110
*5150

Growth Plan Rate Limits

EnvironmentPath / Bucketburst (rps)sustained (rpm)
Production/sessions/whoami80018000
/admin/oauth2/introspect80018000
/relation-tuples/check80018000
GET /admin/identities20600
*4009000
Staging /sessions/whoami1030
/admin/oauth2/introspect10300
/relation-tuples/check10300
GET /admin/identities110
*5150
note

Looking for enterprise-grade rate limits? Everything's possible. Get in touch with us to discuss your requirements.

Workspace Rate Limit

For all projects in a workspace, the rate limit is the same as for the production environment. For example, on the Production plan, the rate limit would be 80 rps on the /sessions/whoami path for all projects combined on the workspace.

Legacy plans

The legacy Essential and Scale plans have the same rate limits as Production and Growth respectively.