Passage by 1Password · Rate Limits

Passage 1Password Rate Limits

The Passage Management API is authenticated with a per-app Bearer API key. Passage does not publish specific public per-endpoint rate-limit numbers; clients should expect standard abuse-prevention throttling on the api.passage.id surface and handle HTTP 429 responses with backoff. Specific RPM/RPD values are not reconciled in this artifact. NOTE - the Passage product is scheduled for retirement on 2026-01-16.

Passage 1Password Rate Limits is the machine-readable rate-limit profile for Passage by 1Password on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 2 rate-limit definitions, measuring requests.

The profile also includes 2 backoff/retry policies defined and response codes documented for throttled.

Tagged areas include Authentication, Passkeys, WebAuthn, Passwordless, and Identity.

2 Limits Throttle: 429
AuthenticationPasskeysWebAuthnPasswordlessIdentityRate LimitingQuotasThrottling

Limits

Management API Requests app
requests
see provider documentation
Per-app API-key throttling; specific numbers not published.
Magic Link Creation app
requests
see provider documentation
Abuse-prevention limits apply to magic link creation/send.

Policies

Backoff Strategy
Clients should implement exponential backoff with jitter and honor Retry-After on 429 responses.
API Key Scoping
Use a dedicated Management API key per app; rotate keys via the Passage Console.

Sources