Hanko Rate Limits
Hanko applies per-operation token-bucket rate limits to sensitive authentication endpoints including OTP, passcode, and password operations. The default configuration allows 3 requests per 1-minute window per scope. Rate limits are configurable in self-hosted deployments via the backend configuration schema (v2.7.0+). Cloud-hosted deployments return HTTP 429 when limits are exceeded. Specific cloud-tier rate limit values are not publicly documented beyond the open-source defaults.
Hanko Rate Limits is the machine-readable rate-limit profile for Hanko on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 3 rate-limit definitions, measuring requests_per_minute.
The profile also includes response codes documented for throttled.
Tagged areas include Rate Limiting, Authentication, and Passkeys.