Management rate limits
This page provides the API rate limits for management activities, which is part of Okta rate limits.
Note:
- To learn more about rate limits, visit our overview and best practices pages.
- In addition to the rate limit per API, Okta implements limits on concurrent requests, Okta-generated email messages, end user requests, and home page endpoints. These limits are described on the Additional limits page.
- You can expand Okta rate limits upon request. To learn how, see Request exceptions and DynamicScale rate limits.
We enforce limits at the individual API endpoint level as requests per minute.
| Action and Okta API Endpoint | Developer (free) | Developer (paid) | One App | Enterprise | Workforce Identity |
|---|---|---|---|---|---|
| Cumulative rate limit | 980 | 2,400 | 2,400 | 5,200 | 7,000 |
Create or list applications:/api/v1/apps except /api/v1/apps/{id} | 20 | 25 | 25 | 100 | 100 |
Get, update, or delete an application by ID:/api/v1/apps/{id} only | 100 | 300 | 300 | 600 | 500 |
Create or list groups:/api/v1/groups except /api/v1/groups/{id} | 100 | 300 | 300 | 600 | 500 |
Get, update, or delete a group by ID:/api/v1/groups/{id} only | 100 | 300 | 300 | 600 | 1,000 |
| Create or list users: Only GET or POST to /api/v1/users | 100 | 300 | 300 | 600 | 600 |
| Update or delete a user by ID: Only POST, PUT or DELETE to /api/v1/users/{id} | 100 | 300 | 300 | 600 | 600 |
Get System Log data:/api/v1/logs | 20 | 25 | 25 | 50 | 120 |
Get System Log data:/api/v1/events | 20 | 25 | 25 | 50 | 100 |
OAuth2 client configuration requests:/oauth2/v1/clients | 25 | 50 | 50 | 100 | 100 |
Most other API actions:/api/v1 | 100 | 300 | 300 | 600 | 1,200 |
| Get a user by ID or sign in Only GET to /api/v1/users/{idOrLogin} | 100 | 300 | 300 | 1,000 | 2,000 |
/api/v1/certificateAuthorities | 100 | 100 | 100 | 150 | 100 |
/api/v1/devices | 100 | 100 | 100 | 150 | 100 |