> ## Documentation Index > Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt > Use this file to discover all available pages before exploring further. > Rate limits for the Essentials and Professional pricing plans. # Essentials and Professional See below for the rate limit policies for the Essentials and Professional pricing plans. | [API](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#api-rate-limits) | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | | ------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | | Authentication API | 25 | 25/second | | [Endpoint](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#endpoint-rate-limits) | Method | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | | [User Info](https://auth0.com/docs/api/authentication#get-user-info) | `GET`, `POST` | 10 | 5/minute | To a unique User ID | | [Change Password](https://auth0.com/docs/api/authentication#change-password)

[Reset Password with Universal Login](/docs/authenticate/database-connections/password-change#universal-login-page) | `POST` | 10 | 1/minute | From an IP Address to a unique Email Address | | [Get Passwordless Code or Link](https://auth0.com/docs/api/authentication#passwordless) | `GET`, `POST` | 50 | 50/hour | From an IP Address | | [Native Social Login (Apple / Facebook Only)](https://auth0.com/docs/api/authentication#verify-with-one-time-password-otp-) | `POST` | 50 | 500/minute | Any Request for Apple or Facebook Native Social Login | | [Dynamic Application (Client) Registration](https://auth0.com/docs/api/authentication#dynamic-application-client-registration) | `POST` | 5 | 5/second | Any request | | [Universal Logout](https://auth0.com/docs/api/authentication#global-token-revocation) | `POST` | 35 | 35/second | Any request | | Pushed Authorization Requests (PAR) | `POST` | 100 | 100/second | From an IP Address | | Back-Channel authorize (CIBA) | `POST` | 500 | 500/minute | From an IP Address | | Device code activation (no prompt) | `POST` | 30 | 6/second | From an IP Address | | Device code authorization | `POST` | 5 | 5/second | From an IP Address | | MFA OOB token exchange | `POST` | 12 | 12/minute | To a unique session | | [Custom Token Exchange](/docs/authenticate/custom-token-exchange) | `POST` | 4 | 4/second | Any request | | [On-Behalf-Of Token Exchange](/docs/secure/call-apis-on-users-behalf/on-behalf-of-token-exchange) | `POST` | 8 | 8/second | Any Request | \*Represents the default limit. You can configure the Signup endpoint limit in Auth0 Dashboard. To learn more, read [Suspicious IP Throttling](/docs/secure/attack-protection/suspicious-ip-throttling). | [Endpoint](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#endpoint-rate-limits) | Method | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------- | | [Read Organizations](https://auth0.com/docs/api/management/v2/organizations/get-organizations) | `GET` | 5 | 50/minute | Any request | | [Read Organizations by ID](https://auth0.com/docs/api/management/v2/organizations/get-organizations-by-id) | `GET` | 20 | 200/minute | Any request | | [Read Organizations by Name](https://auth0.com/docs/api/management/v2/organizations/get-name-by-name) | `GET` | 10 | 100/minute | Any request | | [Write Organizations](https://auth0.com/docs/api/management/v2/organizations/post-organizations) | `POST`, `PATCH`, `DELETE` | 5 | 25/minute | Any request | | [Read Organization Members](https://auth0.com/docs/api/management/v2/organizations/get-members) | `GET` | 40 | 500/minute | Any request | | [Write Organization Members](https://auth0.com/docs/api/management/v2/organizations/post-members) | `POST`, `DELETE` | 20 | 200/minute | Any request | | [Read Members of an Organization](https://auth0.com/docs/api/management/v2/organizations/get-members) | `GET` | 20 | 200/minute | Any request | | [Read Organization Member Roles](https://auth0.com/docs/api/management/v2/organizations/get-organization-member-roles) | `GET` | 20 | 200/minute | Any request | | [Write Organization Member Roles](https://auth0.com/docs/api/management/v2/organizations/post-organization-member-roles) | `POST`, `DELETE` | 20 | 200/minute | Any request | | [Read Organization Connections](https://auth0.com/docs/api/management/v2/organizations/get-enabled-connections) | `GET` | 5 | 50/minute | Any request | | [Write Organization Connections](https://auth0.com/docs/api/management/v2/organizations/post-enabled-connections) | `POST`, `PATCH`, `DELETE` | 5 | 25/minute | Any request | | [Read Users](https://auth0.com/docs/api/management/v2/users/get-users) | `GET` | 40 | 500/minute | Any request | | [Write Users](https://auth0.com/docs/api/management/v2/users/post-users) | `POST`, `PATCH` | 20 | 200/minute | Any request | | [Write Users](https://auth0.com/docs/api/management/v2/users/delete-users-by-id) | `DELETE` | 20 | 200/minute | Any request | | [Read Logs](https://auth0.com/docs/api/management/v2/logs/get-logs) | `GET` | 10 | 100/minute | Any request | | [Read Clients](https://auth0.com/docs/api/management/v2/clients/get-clients) | `GET` | 5 | 100/minute | Any request | | [Read Connections](https://auth0.com/docs/api/management/v2/connections/get-connections) | `GET` | 5 | 50/minute | Any request | | [Write Device Credentials](https://auth0.com/docs/api/management/v2/device-credentials/post-device-credentials) | `POST`, `DELETE` | 5 | 100/minute | Any request | | [Write Custom Domain](https://auth0.com/docs/api/management/v2/custom-domains/post-verify) | `POST` | 5 | 5/minute | Any request | | [Read Status Connection](https://auth0.com/docs/api/management/v2/connections/get-status) | `GET` | 100 | 15/second | Any request | | [Write Signing Keys](https://auth0.com/docs/api/management/v2/keys/post-signing-keys) | `POST` | 5 | 5/day | Any request | | [Read Partials for a Prompt](https://auth0.com/docs/api/management/v2/prompts/get-partials) | `GET` | 5 | 5/minute | Any request | | [Write Partials for a Prompt](https://auth0.com/docs/api/management/v2/prompts/put-partials) | `PUT` | 5 | 5/minute | Any request | | [Read Clients](https://auth0.com/docs/api/management/v2/clients/get-clients)
Only applies to the usage of the `q` parameter. | `GET` | 5 | 150/minute | Any request | | [Read Organization Client Grants](https://auth0.com/docs/api/management/v2/organizations/get-organization-client-grants) | `GET` | 10 | 100/minute | Any request | | [Write Organization Client Grants](https://auth0.com/docs/api/management/v2/organizations/create-organization-client-grants) | `POST` | 5 | 150/minute | Any request | | [Write email templates](https://auth0.com/docs/api/management/v2/email-templates/post-email-templates) | `POST`, `PATCH`, `DELETE` | 5 | 25/minute | Any request | | [Read email templates](https://auth0.com/docs/api/management/v2/email-templates/get-email-templates-by-template-name) | `GET` | 10 | 50/minute | Any request | | [Write email provider](https://auth0.com/docs/api/management/v2/emails/patch-provider) | `POST`, `PATCH`, `DELETE` | 5 | 25/minute | Any request | | [Read email provider](https://auth0.com/docs/api/management/v2/emails/get-provider) | `GET` | 5 | 25/minute | Any request | | [Write Token Exchange Profiles](/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#create-custom-token-exchange-profile) | `POST`, `PATCH`, `DELETE` | 5 | 100/minute | Any request | | [Read Token Exchange Profiles](/docs/authenticate/custom-token-exchange/configure-custom-token-exchange#manage-custom-token-exchange-profile) | `GET` | 20 | 200/minute | Any request | | All other Endpoints Combined | N/A | 10 | 150/minute | Any request | | Limit Type | Endpoint Path | Operation | Limit | | -------------------------------------------- | -------------------------------------- | ----------- | ----------------------- | | Single SCIM connection endpoint | `/scim/v2/connections/{connection-id}` | Any request | 25 requests per second | | Global tenant limit for all SCIM connections | `/scim/v2/connections/*` | Any request | 100 requests per second | | Endpoint | Method | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | | ------------------------------------ | ------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | Universal login prompts (global) | `GET`, `POST` | 500 | 500/minute | From an IP Address | | Universal login prompts (per prompt) | `GET` | 20 | 10/minute | From an IP Address and state value. | | Universal login prompts (per prompt) | `POST` | 10 | 5/minute | From an IP Address | | Password reset prompt | `GET` | 500 | 500/minute | From an IP Address | | MFA push enrollment prompt | `GET`, `POST` | 500 | 500/minute | From an IP Address | | MFA push challenge prompt | `GET`, `POST` | 500 | 500/minute | From an IP Address | | MFA SMS enrollment prompt | `GET` | 20 | 10/minute | From an IP Address | | MFA SMS enrollment prompt | `POST` | 10 | 5/minute | From an IP Address | | MFA SMS enrollment verify prompt | `GET` | 20 | 10/minute | From an IP Address | | MFA SMS enrollment verify prompt | `POST` | 10 | 5/minute | From an IP Address | | Passwordless SMS challenge prompt | `GET`, `POST` | 5 | 5/minute | From an IP Address | | Passwordless email challenge prompt | `GET`, `POST` | 5 | 5/minute | From an IP Address | | Phone verification enrollment prompt | `GET`, `POST` | 5 | 5/minute | From an IP Address | | Phone verification challenge prompt | `GET`, `POST` | 5 | 5/minute | From an IP Address | | Device code prompt | `GET`, `POST` | 5 | 5/second | From an IP Address | | Endpoint | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | Limit | | -------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ---------- | ------------------- | | OTP (6 numeric digits) failures | 10 | 10 | per hour | To a unique User ID | | Recovery code failures | 10 | 10 | per hour | To a unique User ID | | Webauthn challenge failures | 15 | 15 | per minute | To a unique User ID | | Webauthn challenge generated | 15 | 15 | per minute | To a unique User ID | | Push notifications sent per user | 5 | 5 | per minute | To a unique User ID | | SMS sent per user | 10 | 1 | per hour | To a unique User ID | | Email sent per user | 20 | 1 | per minute | To a unique User ID | Tenant Level: | Endpoint | Method | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | | -------------------------------------- | ----------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------- | | Read Authentication Methods | `GET` | 5 | 5/second | Any request | | Write Authentication Methods | `POST`, `PUT`, `DELETE` | 5 | 5/second | Any request | | Read Authentication Methods (filtered) | `GET` | 20 | 20/second | Any request | User Level: | Endpoint | Method | [Burst Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | [Sustained Request Limit](/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#rate-limit-algorithm) | Limit Type | | -------------------------------------- | ----------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------------------- | | Read Authentication Methods | `GET` | 5 | 5/minute | To a unique User ID | | Write Authentication Methods | `POST`, `PUT`, `DELETE` | 5 | 5/minute | To a unique User ID | | Read Authentication Methods (filtered) | `GET` | 10 | 10/minute | To a unique User ID |