║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║

---

title: Rate limits description: Learn about rate limiting on the Clerk APIs.

Clerk rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of Clerk's platform.

Errors

If you receive a 429 error code, you have been rate limited. All subsequent requests to that specific endpoint will be blocked for a given amount of time.

Requests that have been rate limited will receive the Retry-After response header, which contains the number of seconds after which the block expires.

Frontend API requests

Frontend API requests are rate-limited per user and identified by their IP address.

<Properties> - Create SignIn - `/v1/sign_ins`

5 requests per 10 seconds

---

• Create SignUp
• /v1/sign_ups

5 requests per 10 seconds

---

• Attempt SignIn
• /v1/sign_ins/attempt_(first|second)_factor

3 requests per 10 seconds

---

• Attempt SignUp
• /v1/sign_ups/attempt_verification

3 requests per 10 seconds </Properties>

Backend API requests

Backend API requests are rate-limited per application instance which is identified by the Secret Key that is provided when making Backend API requests. These limits differ based on whether you're using a development or production instance.

<Properties> - Production instances

1000 requests per 10 seconds

---

• Development instances

100 requests per 10 seconds

---

• Get the JWKS of the instance
• GET /v1/jwks

No rate limit </Properties>

[!NOTE] The currentUser() helper uses the GET /v1/users/me endpoint, so it is subject to the respective rate limits.

║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║