How to Differentiate Auth0 Rate Limit Errors (Global vs. Others)

Overview

This article explains how to differentiate between scenarios in which a user or an application has been rate-limited or blocked due to too many failures.

Applies To
  • Rate Limits Error
  • Blocked Users
Cause

An error such as Too Many Failures can appear in the tenant logs with the type gd_otp_rate_limit_exceed when the user repeatedly fails to enter the OTP. It could also be caused by Brute-Force Protection when its threshold of 10 attempts is reached. Both of these outcomes return a 429 error, as do all the rate limit errors.

NOTE: The 3 maximum login attempts may be related to the magic link users receive in their emails. If the link has expired and they try to use it 3 times, they will be forbidden (403) from logging in.

Solution

The error description and error message in the response and in the tenant logs can be filtered to determine which type of limit the user is hitting.

Below are a few common error and warning messages for the rate limit errors:

  • Tenant-level global rate limit error when the authentication or management API usage exceeds the limits of the subscription.
    • All requests from different IPs will be rate-limited.
    • Tenant Log type: api_limit. Description: Global rate limit exceeded
  • Tenant-level global rate limit warning when the authentication or management API usage is close to the limits of the subscription.
    • Tenant Log type: api_limit_warning. Description: Warning! Global limit usage is high
  • Tenant-level rate limit for a specific IP:
    • All requests from this IP will be rate-limited.
    • Tenant Log: You passed the limit of allowed calls to [PATH] from ip: [IP]
  • User/device level rate limit:
    • A specific user or device is rate-limited on a specific IP.
    • Tenant Log: You have exceeded the rate limit on [PATH]
    • Tenant Log: You passed the limit of allowed calls to [PATH]
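As an added illustration (not Auth0's own code), the check below sorts constructed tenant log entries into the scopes listed above using the log type and description strings from this article; the endpoint paths, IP addresses and the type codes on the IP- and user-level entries are placeholders, not values taken from a real tenant.

```python
import re

# Constructed sample tenant log entries (not real Auth0 data). Types and
# descriptions follow the article; the paths, IPs and the "f" type code on
# the IP- and user-level entries are placeholders.
SAMPLE_LOGS = [
    {"type": "api_limit", "description": "Global rate limit exceeded", "ip": "198.51.100.7"},
    {"type": "api_limit_warning", "description": "Warning! Global limit usage is high", "ip": "198.51.100.7"},
    {"type": "f", "description": "You passed the limit of allowed calls to /oauth/token from ip: 203.0.113.5", "ip": "203.0.113.5"},
    {"type": "f", "description": "You have exceeded the rate limit on /usernamepassword/login", "ip": "203.0.113.9"},
    {"type": "f", "description": "You passed the limit of allowed calls to /passwordless/start", "ip": "203.0.113.9"},
    {"type": "gd_otp_rate_limit_exceed", "description": "Too Many Failures", "ip": "203.0.113.9"},
    {"type": "s", "description": "Success Login", "ip": "203.0.113.9"},
]

# The IP-level message carries "from ip: [IP]"; user/device-level messages do not.
IP_LIMIT_RE = re.compile(r"^You passed the limit of allowed calls to (?P<path>\S+) from ip: (?P<ip>\S+)$")
USER_LIMIT_RE = re.compile(
    r"^You (?:have exceeded the rate limit on|passed the limit of allowed calls to) (?P<path>\S+)$")


def classify(entry):
    """Return (scope, detail); scope is one of global, global_warning, otp, ip,
    user_device or not_rate_limit."""
    log_type, desc = entry.get("type", ""), entry.get("description", "")
    if log_type == "api_limit":
        return ("global", "all requests from all IPs rate-limited")
    if log_type == "api_limit_warning":
        return ("global_warning", "usage close to subscription limit")
    if log_type == "gd_otp_rate_limit_exceed":
        return ("otp", "too many OTP failures")
    m = IP_LIMIT_RE.match(desc)  # more specific pattern first
    if m:
        return ("ip", f"{m['ip']} -> {m['path']}")
    m = USER_LIMIT_RE.match(desc)
    if m:
        return ("user_device", f"{entry.get('ip', '?')} -> {m['path']}")
    return ("not_rate_limit", desc)


def summarize(entries):
    """Count entries per scope so a tenant-wide limit stands out from per-IP noise."""
    counts = {}
    for entry in entries:
        scope = classify(entry)[0]
        counts[scope] = counts.get(scope, 0) + 1
    return counts
```

Running `summarize(SAMPLE_LOGS)` over an export of tenant logs shows at a glance whether the tenant is under a global limit (one entry affects everyone) or whether only particular IPs or users are being throttled.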
