Skip to Content
You are viewing a beta version of Clerk Docs
Visit the latest docs
Clerk logo

Clerk Docs

Ctrl + K
Go to clerk.com

Rate limits

Clerk rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of Clerk's platform.

Rate limiting is based on IP addresses.

Errors

If you receive a 429 error code, your IP address has been rate limited. All subsequent requests to that specific endpoint coming from your IP address will be blocked for a given amount of time.

Requests that have been rate limited will receive the Retry-After response header, which contains the number of seconds after which the block expires.

Frontend API requests

Frontend API requests are rate limited per user.

NameTypeDescription
Create SignIn/v1/sign_ins7 requests per 10 seconds
Create SignUp/v1/sign_ups7 requests per 10 seconds
Attempt SignIn/v1/sign_ins/attempt_(first|second)_factor3 requests per 10 seconds
Attempt SignUp/v1/sign_ups/attempt_verification3 requests per 10 seconds

Backend API requests

Backend API requests are rate limited per application instance.

NameTypeDescription
Create usersPOST /v1/users20 requests per 10 seconds
All other endpoints100 requests per 10 seconds
Get the JWKS of the instanceGET /v1/jwksNo rate limit

The currentUser() helper uses the GET /v1/users/me endpoint, so it is subject to the 100 requests per 10 seconds rate limit.

Last updated on April 3, 2024

What did you think of this content?

Clerk © 2024