Token Quotas
The Maximum Access Token Lifetime, the time until an access token issued for the API expires, is 86400 seconds.
The Client Credentials Flow enables the applications that use the VTN Credential, such as CLIs, daemons, or backend services, to obtain access tokens on their own behalf without any user interaction.
The Switch Authorization Server imposes rate limits on the token endpoint. Once a limit is reached, requests to fetch an access token are rejected for a given time period.
Token Endpoint Rate Limits
The following rate limits are applied to the token endpoint:
Test          20    100
Production    10    50
Quota headers
The Switch Authorization Server (Auth0) includes an HTTP header in Client Credentials Flow responses (both successful and 429 error responses) to provide real-time information about quota consumption:
Auth0-Client-Quota-Limit: Provides quota information for the application
The Switch Authorization Server only includes the headers corresponding to the quotas for the token request in the response. The following code sample is an example quota header:
Auth0-Client-Quota-Limit: b=per_hour;q=10;r=7;t=3540,b=per_day;q=50;r=47;t=43200
The header values are comma-separated lists of quota buckets. Each bucket is represented as a semicolon-separated list of key-value pairs:
b (bucket_name): The name of the quota bucket (per_hour or per_day).
q (quota): The configured quota limit for the bucket.
r (remaining): The number of remaining tokens in the bucket.
t (time): The number of seconds until the bucket resets.
In the Auth0-Client-Quota-Limit example:
The application has an hourly quota (b=per_hour) of 10 tokens (q=10). It has 7 tokens remaining (r=7), and the quota resets in 3540 seconds (t=3540).
The application also has a daily quota (b=per_day) of 50 tokens (q=50). It has 47 tokens remaining (r=47), and the quota resets in 43200 seconds (t=43200).
Error responses for exceeded quotas
When an enforced quota is exceeded, the API returns an HTTP 429 Too Many Requests error. In the response body, an error code with a more detailed description is returned.
The following code sample is an example error response for an exceeded quota:
{
"error": "too_many_requests",
"error_description": "Client quota exceeded"
}
In addition to the response body, the following headers are returned:
Auth0-Client-Quota-Limit: The quota header corresponding to the consumed quota for the application.
X-RateLimit-Limit: The configured limit for the quota that has been consumed.
X-RateLimit-Remaining: Set to zero, indicating that the quota has been fully consumed.
X-RateLimit-Reset: A UNIX timestamp (in seconds) representing the time when the quota is expected to reset and further requests will be allowed.
Retry-After: The number of seconds until the quota resets and further requests will succeed.
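A client can read the quota header and the 429 headers described above to decide how long to hold off before asking for another token. The following Python sketch is an added example, not code from the Switch Authorization Server or Auth0; the function names and the 60-second fallback are assumptions made for illustration.

```python
import time

# Header value copied from the example on this page.
EXAMPLE_HEADER = "b=per_hour;q=10;r=7;t=3540,b=per_day;q=50;r=47;t=43200"
DEFAULT_BACKOFF = 60  # assumption: fallback wait when a 429 carries no usable header


def parse_quota_header(value):
    """Parse an Auth0-Client-Quota-Limit value into {bucket_name: {...}}."""
    buckets = {}
    for part in value.split(","):  # buckets are comma-separated
        fields = {}
        for pair in part.strip().split(";"):  # key=value pairs, semicolon-separated
            key, sep, val = pair.partition("=")
            if not sep:
                raise ValueError(f"malformed key-value pair: {pair!r}")
            fields[key.strip()] = val.strip()
        try:
            buckets[fields["b"]] = {
                "quota": int(fields["q"]),
                "remaining": int(fields["r"]),
                "reset_in": int(fields["t"]),
            }
        except KeyError as missing:
            raise ValueError(f"bucket is missing key {missing}") from None
    return buckets


def seconds_to_wait(status, headers, now=None):
    """Seconds to hold off before the next token request; 0 means go ahead."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if status == 429 and "retry-after" in h:
        return int(h["retry-after"])
    if status == 429 and "x-ratelimit-reset" in h:
        now = time.time() if now is None else now
        return max(0, int(h["x-ratelimit-reset"]) - int(now))
    quota = h.get("auth0-client-quota-limit")
    buckets = parse_quota_header(quota) if quota else {}
    # An exhausted bucket blocks further tokens until it resets; wait for the slowest.
    exhausted = [b["reset_in"] for b in buckets.values() if b["remaining"] <= 0]
    if exhausted:
        return max(exhausted)
    return DEFAULT_BACKOFF if status == 429 else 0


if __name__ == "__main__":
    print(parse_quota_header(EXAMPLE_HEADER))
    print(seconds_to_wait(200, {"Auth0-Client-Quota-Limit": EXAMPLE_HEADER}))
```

Checking the returned wait time after every token response lets a daemon stop before it reaches the 429 path, and a malformed header raises ValueError instead of being silently read as "no limit".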