API Rate Limits
Understand the rate limiting for APIs for different identity domain types.
Oracle APIs are subject to rate limiting to protect the API service usage for all Oracle's customers. If you reach the API limit for the identity domain type, then IAM returns a 429 error code.
Rate Limits for all Identity Domain Types
API Group | Per | Free | Oracle Apps | Oracle Apps Premium | Premium | External User |
---|---|---|---|---|---|---|
AuthN | second | 10 | 50 | 80 | 95 | 90 |
AuthN | minute | 150 | 1000 | 2100 | 4500 | 3100 |
Token Mgmt | second | 10 | 40 | 50 | 65 | 60 |
Token Mgmt | minute | 150 | 1000 | 1700 | 3400 | 2300 |
Others | second | 20 | 50 | 55 | 90 | 80 |
Others | minute | 150 | 1500 | 1750 | 5000 | 4000 |
Bulk | second | 5 | 5 | 5 | 5 | 5 |
Bulk | minute | 200 | 200 | 200 | 200 | 200 |
Import and export | day | 4 | 8 | 10 | 10 | 10 |
Note
The maximum number of Identity Propagation Trust objects that can be created is restricted to 30. Contact support if the limit needs to be increased. For more information on object limits, see IAM Identity Domain Object Limits.
The maximum number of Identity Propagation Trust objects that can be created is restricted to 30. Contact support if the limit needs to be increased. For more information on object limits, see IAM Identity Domain Object Limits.
APIs in API Groups
API limits apply to the total of all APIs within a group.
Authentication
/sso/v1/user/login
/sso/v1/user/secure/login
/sso/v1/user/logout
/sso/v1/sdk/authenticate
/sso/v1/sdk/session
/sso/v1/sdk/idp
/sso/v1/sdk/secure/session
/mfa/v1/requests
/mfa/v1/users/{userguid}/factors
/oauth2/v1/authorize
/oauth2/v1/userlogout
/oauth2/v1/consent
/fed/v1/user/request/login
/fed/v1/sp/sso
/fed/v1/idp/sso
/fed/v1/idp/usernametoken
/fed/v1/metadata
/fed/v1/mex
/fed/v1/sp/slo
/fed/v1/sp/initiatesso
/fed/v1/sp/ssomtls
/fed/v1/idp/slo
/fed/v1/idp/initiatesso
/fed/v1/idp/wsfed
/fed/v1/idp/wsfedsignoutreturn
/fed/v1/user/response/login
/fed/v1/user/request/logout
/fed/v1/user/response/logout
/fed/v1/user/testspstart
/fed/v1/user/testspresult
/admin/v1/SigningCert/jwk
/admin/v1/HTTPAuthenticator
/admin/v1/PasswordAuthenticator
/admin/v1/Asserter
/admin/v1/MyAuthenticationFactorInitiator
/admin/v1/MyAuthenticationFactorEnroller
/admin/v1/MyAuthenticationFactorValidator
/admin/v1/MyAuthenticationFactorsRemover
/admin/v1/TermsOfUseConsent
/admin/v1/MyTermsOfUseConsent
/admin/v1/TrustedUserAgents
/admin/v1/AuthenticationFactorInitiator
/admin/v1/AuthenticationFactorEnroller
/admin/v1/AuthenticationFactorValidator
/admin/v1/MePasswordResetter
/admin/v1/UserPasswordChanger
/admin/v1/UserLockedStateChanger
/admin/v1/AuthenticationFactorsRemover
/admin/v1/BypassCodes
/admin/v1/MyBypassCodes
/admin/v1/MyTrustedUserAgents
/admin/v1/Devices
/admin/v1/MyDevices
/admin/v1/TermsOfUses
/admin/v1/TermsOfUseStatements
/admin/v1/AuthenticationFactorSettings
/admin/v1/SsoSettings
/admin/v1/AdaptiveAccessSettings
/admin/v1/RiskProviderProfiles
/admin/v1/Threats
/admin/v1/UserDevices
/session/v1/SessionsLogoutValidator
/ui/v1/signin
Tokens
/oauth2/v1/token
/oauth2/v1/introspect
/oauth2/v1/revoke
/oauth2/v1/device
Import/Export
/job/v1/JobSchedules?jobType=UserImport
/job/v1/JobSchedules?jobType=UserExport
/job/v1/JobSchedules?jobType=GroupImport
/job/v1/JobSchedules?jobType=GroupExport
/job/v1/JobSchedules?jobType=AppRoleImport
/job/v1/JobSchedules?jobType=AppRoleExport
Bulk
/admin/v1/Bulk
/admin/v1/BulkUserPasswordChanger
/admin/v1/BulkUserPasswordResetter
/admin/v1/BulkSourceEvents
Other
Any API not in one of the other API Groups is included in the Other API Group
Other Restrictions
These restrictions are for Bulk, Import, and Export for all tiers:
- Payload size: 1 MB
- Bulk API: 50 operations limit per call
- Only one of these can be run at a time:
- Import: For Users, Groups & App Role Memberships
- Full sync from apps
- Bulk APIs
- Export: For Users, Groups & App Role Memberships
- CSV Import: 100 K rows limit per CSV & Max file size: 10 MB
- CSV Export: 100 K rows limit