Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello dear friends! We are having rate limiting issues again, to the degree that our internal auth service can't boot - who can I talk to about maybe getting a higher burst limit?

Specifically, our auth service fetches all identities and permissions on startup (which are quite a few), in order to cache them and use them for token exchange, as well as user lists, and our scim implementation etc. So if you consider this, this one massive burst on startup saves you guys a lot of traffic after the service is up and running :slightly_smiling_face:

Also, before you ask, the reason we are doing this level of caching is that our regular traffic actually caused intermittent 429's all throughout the day - so it is really in your favor :innocent:

Believe it or not, but SCIM is actually quite chatty

Hello, we are checking what we can do :slightly_smiling_face:

<@U04FPUH2G6L> do you do these requests from a fixed set of IPs?

Yeah, they all come from the same cluster, which shares a load balancer (on the same public IP)