Rate limits
Rate limiting on Clerk's APIs
Rate limits
Clerk rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of Clerk's platform. Rate limiting is based on IP addresses.
Errors
If you receive a 429 error code, that means your IP address has been rate limited. All subsequent requests to that specific endpoint coming from your IP address will be blocked for a given amount of time.
Requests that have been rate limited, will receive the Retry-After response header, which contains the number of seconds after which the block expires.
Frontend API Requests
| Name | Type | Description |
|---|---|---|
| Create SignIn | /v1/sign_ins | 7 requests per 10 seconds |
| Create SignUp | /v1/sign_ups | 7 requests per 10 seconds |
| Attempt SignIn | /v1/sign_ins/attempt_(first|second)_factor | 3 requests per 10 seconds |
| Attempt SignUp | /v1/sign_ups/attempt_verification | 3 requests per 10 seconds |
Backend API Requests
| Name | Type | Description |
|---|---|---|
| Create users | POST /v1/users | 20 requests per 10 seconds |
| All other endpoints | 100 requests per 10 seconds |