Ory Corp Rate Limits
Ory Network applies per-project rate limits that differ by endpoint class and plan tier. Public / frontend endpoints (self-service flows, OAuth2 token and authorization, session whoami, permission checks) and privileged admin endpoints (identity admin, OAuth2 admin, relationship writes, Console) are metered in separate buckets, and admin surfaces are generally allowed higher throughput than anonymous public surfaces. Limits scale up on paid Production, Growth, and Enterprise plans. When self-hosting the open-source Ory stack, there is no Ory-imposed rate limit - throughput is bounded only by your own infrastructure and any proxy/gateway you place in front (for example Ory Oathkeeper or an ingress). Requests over the limit receive HTTP 429 with a Retry-After header.
Ory Corp Rate Limits is the machine-readable rate-limit profile for Ory on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 4 rate-limit definitions, measuring requests.
The profile also includes 3 backoff/retry policies defined and response codes documented for throttled.
Tagged areas include Identity, Authentication, OAuth2, Authorization, and Rate Limiting.