Rate limits
Clerk rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of Clerk's platform.
Rate limiting is based on IP addresses.
Errors
If you receive a 429 error code, your IP address has been rate limited. All subsequent requests to that specific endpoint coming from your IP address will be blocked for a given amount of time.
Requests that have been rate limited will receive the Retry-After response header, which contains the number of seconds after which the block expires.
Frontend API requests
Frontend API requests are rate limited per user.
- Name
- Create SignIn
- Type
/v1/sign_ins- Description
7 requests per 10 seconds
- Name
- Create SignUp
- Type
/v1/sign_ups- Description
7 requests per 10 seconds
- Name
- Attempt SignIn
- Type
/v1/sign_ins/attempt_(first|second)_factor- Description
3 requests per 10 seconds
- Name
- Attempt SignUp
- Type
/v1/sign_ups/attempt_verification- Description
3 requests per 10 seconds
Backend API requests
Backend API requests are rate limited per application instance.
- Name
- Create users
- Type
POST /v1/users- Description
20 requests per 10 seconds
- Name
- All other endpoints
- Description
100 requests per 10 seconds
- Name
- Get the JWKS of the instance
- Type
GET /v1/jwks- Description
No rate limit