Quotas and limits
The following auth operations have limitations on the frequency you can perform them. Contact Google Cloud a few weeks in advance to discuss special use cases.
Daily Instrumentless Usage Limits
The following limits are daily usage limits for users of Identity Platform without a billing instrument. These usage limits correspond directly to Google Cloud Pricing Tiers.
Usage | Instrumentless Limit |
---|---|
Tier 1 Daily Active Users | 3000 per day |
Tier 2 Daily Active Users | 2 per day |
SMS Sent | 10 per day |
Multi Factor Authentications | 10 per day |
Account creation and deletion limits
Operation | Limit |
---|---|
New account creation | 100 accounts/IP address/hour |
Account deletion | 10 accounts/second |
Batch account deletion | 1 request/second |
Account configuration updates | 10 requests/second |
Accounts per project
Account type | Limit |
---|---|
Anonymous user accounts | 100 million |
Registered user accounts | Unlimited |
Tenants per project
Billing model | Limit |
---|---|
Instrumentless | 2 tenants/project |
Billing instrument | Unlimited |
Providers per project or tenant
There is no limit on the number of identity providers allowed per project or tenant.
Email sending limits
The quotas listed in this section scale with the size of their respective projects.
Operation | Instrumentless | With billing instrument |
---|---|---|
Address verification emails | 1000 emails/day | 100,000 emails/day |
Address change emails | 1000 emails/day | 10,000 emails/day |
Password reset emails | 150 emails/day | 10,000 emails/day |
Email link sign-in emails | 5 emails/day | 25,000 emails/day |
Email link generation limits
The quotas listed in this section scale with the size of their respective projects.
Operation | Instrumentless | With billing instrument |
---|---|---|
Address verification links | 10,000 emails/day | 1,000,000 emails/day |
Password reset links | 1500 emails/day | 100,000 emails/day |
Sign-in links | 20,000 emails/day | 250,000 emails/day |
Phone number sign-in limits
Operation | Limit |
---|---|
User sign-ins | 1600/project/minute, as well as the pricing and limits specified on the Pricing page |
Verification code SMS messages |
Instrumentless: 10 SMS/day Billing instrument: No SMS/day limit |
Verification requests | 150 requests/IP address/hour |
Verification SMS sending limits
Operation | Limit |
---|---|
Verification SMS sent per project | 1,500 sent/minute |
Verification SMS sent per IP address | 50 sent/minute, 500 sent/hour |
Additionally, there is a limit on the number of verification SMS messages a project can send to a single phone number within a set amount of time. You can test with fictional numbers or across multiple devices to ensure a project does not exceed these limits.
Additionally, you can track verification codes sent per phone number if you've enabled Activity Logging on your project.
SMS MFA limits
Operation | Limit |
---|---|
Start MFA enrollment per project and IP address | 50 requests/minute, 500 requests/hour |
Finalize MFA enrollment per project and IP address | 150 requests/hour |
Start MFA sign-in per project and IP address | 50 requests/minute, 500 requests/hour |
Finalize MFA sign-in per project and IP address | 150 requests/hour |
SMS verification codes sent per phone number | 10 sent/hour |
Identity Toolkit API limits
Operation | Limit |
---|---|
Operations per service account | 500 requests/second |
Operations per project | 1000 requests/second, 10 million requests/day |
Account uploads per project* | 3600 uploads/minute |
Account downloads per project* | 21,000 requests/minute |
UserInfo queries per project* | 900 requests/minute |
Configuration updates per project* | 300 requests/minute |
Configuration updates per project and user* | 300 requests/minute |
Bulk delete accounts per project* | 3000 requests/minute |
Custom token sign-ins per project | 45,000 sign-ins/minute |
createAuthURI calls per IP address |
120 requests/hour |
Blocking function invocations per project | 2000 requests/minute |
* Admin-only operations.
The following methods leverage the createAuthURI
endpoint:
- Client SDK:
fetchProvidersForEmail()
andfetchSignInMethodsForEmail(email)
- Admin SDK:
getUserByEmail()
Token Service API limits
Operation | Limit |
---|---|
Token exchange per project | 18,000 exchanges/minute |