Clerk · Rate Limits

Clerk Dev Rate Limits

Clerk publishes explicit numeric rate limits for both the Backend API and the Frontend API. Backend API requests are limited per application instance (identified by Secret Key): production instances allow 1000 requests per 10 seconds (~100 req/sec) and development instances allow 100 requests per 10 seconds (~10 req/sec). Frontend API requests are limited per user (identified by IP address). Several endpoints have tighter, purpose-specific limits - invitations are capped per hour, and per-resource updates (user, organization, membership) are capped at 10 requests per 10 seconds per resource. The JWKS endpoint (GET /v1/jwks) is not rate limited. When a limit is exceeded the API responds with HTTP 429 and a Retry-After header giving the cooldown in seconds.

Clerk Dev Rate Limits is the machine-readable rate-limit profile for Clerk on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 10 rate-limit definitions, measuring requests.

The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Authentication, User Management, Rate Limiting, and Quotas.

10 Limits Throttle: 429
AuthenticationUser ManagementRate LimitingQuotas

Limits

Backend API (Production) instance
requests
1000 per 10 seconds
Per application instance, identified by the Secret Key. Roughly 100 requests/second.
Backend API (Development) instance
requests
100 per 10 seconds
Development instances are limited to roughly 10 requests/second.
Frontend API - Sign-in / Sign-up Creation user
requests
5 per 10 seconds
Per user, identified by IP address.
Frontend API - Verification Attempts user
requests
3 per 10 seconds
Sign-in / sign-up verification (OTP / code) attempts, per user by IP.
Resource Updates (User / Organization / Membership) resource
requests
10 per 10 seconds
Update operations are limited per individual resource.
Single Invitations instance
requests
100 per hour
POST /v1/invitations.
Bulk Invitations instance
requests
25 per hour
POST /v1/invitations/bulk.
Organization Invitations (Single) instance
requests
250 per hour
Single organization invitation creation.
Organization Invitations (Bulk) instance
requests
50 per hour
Bulk organization invitation creation.
JWKS Retrieval public
requests
no rate limit
GET /v1/jwks is unauthenticated and not rate limited.

Policies

Retry-After Header
On a 429 response, the Retry-After header indicates the number of seconds until the block expires.
Backoff Strategy
Clients should implement exponential backoff with jitter and honor the Retry-After header rather than retrying immediately.
Cache JWKS
Cache the JWKS response and Clerk-issued token verification locally rather than fetching JWKS on every request, even though the endpoint is unlimited.

Sources