Duo Security · Rate Limits

Duo Security Rate Limits

Machine-readable rate limit definitions for the Duo Security API surface. Captures per-tier quotas, burst behavior, response signaling, and recovery semantics. Defaults are scaffold values to be replaced with published provider limits.

Duo Security Rate Limits is the machine-readable rate-limit profile for Duo Security on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 5 rate-limit definitions, across the free, professional, and enterprise tiers, measuring requests_per_minute and requests_per_month.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, quotaExceeded, and serviceUnavailable.

Tagged areas include Authentication, MFA, Zero Trust, Identity, and Rate Limiting.

5 Limits Throttle: 429 Quota: 429
AuthenticationMFAZero TrustIdentityRate LimitingQuotasThrottling

Limits

Free Tier Default api-key
requests_per_minute · minute
10
Free Tier Monthly Quota api-key
requests_per_month · month
1000
Professional Tier Default api-key
requests_per_minute · minute
100
Professional Tier Monthly Quota api-key
requests_per_month · month
100000
Enterprise Negotiated Limit contract
requests_per_minute · minute
1000

Policies

Backoff Strategy
Clients should implement exponential backoff with jitter, honoring the Retry-After header when present.
Burst Handling
Short bursts above the steady-state limit are tolerated up to the documented burst ceiling before throttling engages.
Quota Reset
Monthly quotas reset at the start of each calendar month in UTC. Per-minute and per-second windows reset on a sliding-window basis.
Fair Use
Even on uncapped enterprise tiers, sustained usage that materially impacts shared infrastructure may be subject to fair-use throttling.