Skip to main content

ZITADEL Cloud Rate Limits

Rate limits are implemented according to our rate limit policy with the following rules:

PathDescriptionThrottlingOne Minute Banning
/ui/login*Global Login, Register and Reset Limit10 requests per second over a minute15 requests per sencond over 3 minutes
Various API paths 1All other gRPC- and REST APIs
- Management API
- Admin API
- Auth API
- System API
4 requests per second over a minute8 requests per second over 3 minutes

1 API paths:

Open to see the reqular expression
/system/v[0-9]+/.*|/auth/v[0-9]+/.|/admin/v[0-9]+/.|/management/v[0-9]+/.*|zitadel\.system\.v[0-9]+\.SystemService/.*|zitadel\.admin\.v[0-9]+\.AdminService/.*|zitadel\.auth\.v[0-9]+\.AuthService/.*|zitadel\.management\.v[0-9]+\.ManagementService/.*