Any way for us to see if we are getting rate limited on login requests towards Ory? 😊 Many of our monitoring tests fail with a 429 error code during login since yesterday evening (but no issues reported by actual users, so not sure if it's rate limiting or not)
early-magician-18981
09/09/2025, 11:40 AM
Sounds like edge rate limiting. You can look at the response headers. If they are missing Ory headers then most likely you are being rate limited based on abuse patterns. If they have Ory headers (this is typically not a 429 status) then it is a plan level rate limit. More details can be seen here: https://www.ory.sh/docs/guides/rate-limits
big-evening-36539
09/10/2025, 9:52 AM
Thanks! That was helpful 😊 So the 429 error response does not have any headers from Ory, but seems to be blocked by Cloudflare. On login we do a request directly to Ory (<project-slug>.projects.oryapis.com) where some of our automated tests get rate limited (from Frankfurt only).
Have not encountered this before and we have been running these tests for more than 2 years. Are there any recent changes on your end to these policies that might have affected this?
early-magician-18981
09/10/2025, 9:54 AM
Not any specific changes, just the WAF is responding more to what appears to be abuse from the same IP address in a short time frame. I know we will be looking at rate limits again in the network in the coming months so keep an eye on that page for changes. Depending on your tier we do also allow for whitelisting of IP addresses if you have access to the support ticket portal.
gifted-student-2300
09/10/2025, 5:22 PM
Also experiencing this; I unfortunately don't have a specific set of IP addresses but do have an entire project that this applies to, so hopefully that's also a valid solution.
enough-yak-81379
09/11/2025, 7:07 AM
Hello there!
You are being blocked by a rule that counts unique identifiers like emails, codes on the endpoints. It seems you may be reusing the same identifier over and over again, which would be the same as someone trying to brute force an account 🙂 If those are your tests I would advise you rotate a few identities to increase the variation.