Rate Limiting
Rate limiting protects OAuth and administrative endpoints from excessive client traffic, accidental loops, and abusive request patterns.
What Is Limited
- OAuth-facing requests such as authorization, token, and device polling
- Client-specific traffic patterns
- High-frequency retry behavior
Operational Guidance
- Use reasonable retry intervals.
- Respect device authorization polling intervals.
- Monitor repeated failures by client and tenant.
Common Pitfalls
- Retrying immediately after transient failures.
- Polling device or CIBA flows too aggressively.
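A polling loop that avoids both pitfalls, as an added example (not code from this product): it waits the server-supplied interval before every request, applies the RFC 8628 `slow_down` increase of 5 seconds, and backs off exponentially on transient failures instead of retrying immediately. The `send` callable, the treatment of HTTP 429 and 5xx as transient, and all parameter names are assumptions.

```python
import random
import time

SLOW_DOWN_STEP = 5  # RFC 8628 section 3.5: add 5 seconds after "slow_down"


def poll_device_token(send, interval=5, expires_in=600, sleep=time.sleep,
                      clock=time.monotonic, jitter=random.random, max_backoff=60):
    """Poll until tokens are issued, the request is refused, or the code expires.

    send() is a hypothetical callable that makes one token request and returns
    (http_status, json_body). Returns (token_body, list_of_waits_in_seconds).
    """
    deadline = clock() + expires_in
    waits, failures, backoff = [], 0, 0
    while clock() < deadline:
        wait = interval + backoff          # never poll faster than the interval
        sleep(wait)
        waits.append(wait)
        status, body = send()
        error = body.get("error")
        if status == 200:
            return body, waits
        if error in ("authorization_pending", "slow_down"):
            failures, backoff = 0, 0       # server is healthy, drop the backoff
            if error == "slow_down":
                interval += SLOW_DOWN_STEP  # the increase is permanent
            continue
        # Assumption: 429 and 5xx are the transient / rate-limit responses.
        if status == 429 or status >= 500:
            failures += 1
            backoff = min(max_backoff, 2 ** failures + jitter())
            continue
        raise RuntimeError(f"device flow stopped: {error}")  # e.g. access_denied
    raise TimeoutError("device code expired before authorization completed")


if __name__ == "__main__":
    # Constructed server replies, served in order without any network access.
    replies = iter([
        (400, {"error": "authorization_pending"}),
        (400, {"error": "slow_down"}),
        (429, {}),
        (200, {"access_token": "constructed-token"}),
    ])
    token, waits = poll_device_token(lambda: next(replies), sleep=lambda s: None)
    print(waits)
```

Logging the returned list of waits per client and tenant gives a direct record of how often a client was told to slow down or hit a transient failure.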
Troubleshooting
- If clients receive rate-limit responses, inspect retry behavior, polling interval, and tenant/client traffic volume.