Skip to content

chore: document per-identity rate limits #1787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

chore: document per-identity rate limits #1787

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 45 additions & 32 deletions docs/guides/rate-limits.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,52 +10,65 @@ Ory Network enforces different rate limit policies based on the environment of y
2. `/admin/oauth2/introspect`: OAuth2 token introspection
3. `/relation-tuples/check`: permission check
4. `GET /admin/identities`: list identities
5. `*`: everything else
5. `POST/PATCH/PUT/DELETE /admin/identities/{id}`: update or delete an individual identity
6. `*`: everything else

Each of these policies incorporates two types of rate limits:

1. The `burst` limit, which regulates the maximum number of requests per second, allowing brief spikes in request volume.
2. The `sustained` limit, controlling the number of requests over a one-minute period.

:::note

The rate limit for `POST/PATCH/PUT/DELETE /admin/identities/{id}` is calculated per identity ID. You can edit several identities
in parallel under the regular limit, but you can only edit a single identity twice per minute.

:::

## Developer Plan Rate Limits

| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------ | :------------------------- | ----------: | --------------: |
| **Developer** | `/sessions/whoami` | 10 | 300 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `*` | 5 | 150 |
| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------ | :--------------------------------------------- | ----------: | --------------: |
| **Developer** | `/sessions/whoami` | 10 | 300 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 |
| | `*` | 5 | 150 |

## Production Plan Rate Limits

| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------- | :------------------------- | ----------: | --------------: |
| **Production** | `/sessions/whoami` | 80 | 1800 |
| | `/admin/oauth2/introspect` | 80 | 1800 |
| | `/relation-tuples/check` | 80 | 1800 |
| | `GET /admin/identities` | 10 | 300 |
| | `*` | 40 | 900 |
| **Staging** | `/sessions/whoami` | 10 | 300 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `*` | 5 | 150 |
| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------- | :--------------------------------------------- | ----------: | --------------: |
| **Production** | `/sessions/whoami` | 80 | 1800 |
| | `/admin/oauth2/introspect` | 80 | 1800 |
| | `/relation-tuples/check` | 80 | 1800 |
| | `GET /admin/identities` | 10 | 300 |
| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 |
| | `*` | 40 | 900 |
| **Staging** | `/sessions/whoami` | 10 | 300 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 |
| | `*` | 5 | 150 |

## Growth Plan Rate Limits

| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------- | :------------------------- | ----------: | --------------: |
| **Production** | `/sessions/whoami` | 800 | 18000 |
| | `/admin/oauth2/introspect` | 800 | 18000 |
| | `/relation-tuples/check` | 800 | 18000 |
| | `GET /admin/identities` | 20 | 600 |
| | `*` | 400 | 9000 |
| **Staging** | `/sessions/whoami` | 10 | 30 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `*` | 5 | 150 |
| Environment | Path / Bucket | burst (rps) | sustained (rpm) |
| :------------- | :--------------------------------------------- | ----------: | --------------: |
| **Production** | `/sessions/whoami` | 800 | 18000 |
| | `/admin/oauth2/introspect` | 800 | 18000 |
| | `/relation-tuples/check` | 800 | 18000 |
| | `GET /admin/identities` | 20 | 600 |
| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 |
| | `*` | 400 | 9000 |
| **Staging** | `/sessions/whoami` | 10 | 30 |
| | `/admin/oauth2/introspect` | 10 | 300 |
| | `/relation-tuples/check` | 10 | 300 |
| | `GET /admin/identities` | 1 | 10 |
| | `POST/PATCH/PUT/DELETE /admin/identities/{id}` | 2 | 2 |
| | `*` | 5 | 150 |

:::note

Expand Down