Rate limits
Clerk rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of Clerk's platform.
Errors
If you receive a 429 error code, you have been rate limited. All subsequent requests to that specific endpoint will be blocked for a given amount of time.
Requests that have been rate limited will receive the Retry-After response header, which contains the number of seconds after which the block expires.
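The 429 and Retry-After behavior described above, handled on the client side. This is an added example, not Clerk's own code: `requestWithRetry`, `doRequest`, `sleep` and the 10-second fallback are assumptions, and the responses are constructed so the block runs offline.

```javascript
// Added example: honour Retry-After when a request comes back 429.
// requestWithRetry, doRequest and sleep are hypothetical names, not Clerk SDK APIs.

// Retry-After is read as a whole number of seconds, as described above.
// Returns null when the header is absent or not a plain integer.
function retryAfterMs(value) {
  if (typeof value !== "string" || !/^\d+$/.test(value.trim())) return null;
  return Number(value.trim()) * 1000;
}

// Calls doRequest() until it returns a non-429 response or maxAttempts is used up.
// fallbackMs (assumption: one 10-second window) applies when the header is unusable.
async function requestWithRetry(doRequest, opts = {}) {
  const { maxAttempts = 3, fallbackMs = 10000 } = opts;
  const sleep = opts.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  const waits = [];
  for (let attempt = 1; ; attempt++) {
    const res = await doRequest();
    // Stop on success, on any non-rate-limit error, or when out of attempts.
    if (res.status !== 429 || attempt >= maxAttempts) return { res, waits };
    const parsed = retryAfterMs(res.headers.get("Retry-After"));
    const ms = parsed === null ? fallbackMs : parsed;
    waits.push(ms);
    await sleep(ms); // sending earlier would only be rejected again
  }
}

// Constructed responses standing in for a rate-limited endpoint (not real traffic).
function demo() {
  const queue = [
    { status: 429, headers: new Map([["Retry-After", "7"]]) },
    { status: 429, headers: new Map() }, // header missing: fallback is used
    { status: 200, headers: new Map() },
  ];
  const doRequest = async () => queue.shift();
  return requestWithRetry(doRequest, { sleep: async () => {} }); // no real waiting
}

demo().then(({ res, waits }) => console.log(res.status, waits));
```

With `fetch`, `doRequest` would be a function returning the `fetch(...)` promise, since a `Response` exposes `status` and `headers.get()` in the same shape.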
Frontend API requests
Frontend API requests are rate-limited per user, with each user identified by their IP address.
- Create SignIn (/v1/sign_ins): 5 requests per 10 seconds
- Create SignUp (/v1/sign_ups): 5 requests per 10 seconds
- Attempt SignIn (/v1/sign_ins/attempt_(first|second)_factor): 3 requests per 10 seconds
- Attempt SignUp (/v1/sign_ups/attempt_verification): 3 requests per 10 seconds
 
Backend API requests
Backend API requests are rate-limited per application instance, which is identified by the Secret Key provided when making Backend API requests. These limits differ based on whether you're using a development or production instance.
- Production instances: 1000 requests per 10 seconds
- Development instances: 100 requests per 10 seconds
- Get the JWKS of the instance (GET /v1/jwks): No rate limit
 