Menu
I'm considering to use https://www.googleapis.com/auth/userinfo.email to get hold of the user's email address and I've seen numerous examples on how to do this in both Google's own documentation and other guides on the Internet.
However I have not been able to find any information on what the rate limits are, or if there even are any rate limits for this. The Google APIs Console lists courtesy limits for many different APIs, but nothing is mentioned about the OAuth 2.0 API.
Does anyone know if there are any limits, and if so what they are?
268
Number of requests per day per project: 50,000. Number of requests per view (profile) per day: 10,000 (cannot be increased) Number of requests per 100 seconds per project: 2,000. Number of requests per 100 seconds per user per project: 100 (can be increased in Google API Console to 1,000).
Google Cloud enforces quotas that constrain how much of a particular Google Cloud resource your project can use. Rate quotas specify how much of a resource can be used in a given time, such as API requests per day.
OAuth 2.0 clients for web apps must use redirect URIs and JavaScript origins that are compliant with Google's validation rules, including using the HTTPS scheme. Google may reject OAuth requests that don't originate from or resolve to a secure context.
Google has a formal verification program where application vendors have to show how these permissions are used, and the riskiest permissions require an additional layer of security checks. But giving your users free-reign to use OAuth2 is a big step.
I can say fairly certainty that there are NO LIMITS to any of Google's Authorization API's.
I know this because it does not state ANY LIMITS anywhere within there Authorization API's Terms of Service. In fact, the Terms of Service itself is very bare:
Google Account Authentication APIs Terms of Service
Last modified: April 20, 2012 By using this API, you consent to be bound by these terms in addition to the Google APIs Terms of Service ("API ToS") at https://developers.google.com/terms. Deprecation Policy
Google will announce if we intend to discontinue or make backwards incompatible changes to this API or Service. We will use commercially reasonable efforts to continue to operate the Google Account Authentication APIs (exclusive of OAuth 2.0) without these changes until April 20, 2015, unless (as Google determines in its reasonable good faith judgment):
required by law or third party relationship (including if there is a change in applicable law or relationship), or doing so could create a security risk or substantial economic or material technical burden. This Deprecation Policy doesn't apply to versions, features, and functionality labeled as "experimental."
After April 20, 2015, this Deprecation Policy will not apply.
If there were to be limits, Google generally would have to put them in there ToS, so I can safely say that there are no limits.
199
This is an old question, so things have likely changed since the original reply, but Google now has "quota restrictions based on risk level" (whatever that means):
To protect users and Google systems from abuse, applications that use OAuth and Google Identity have certain quota restrictions based on the risk level of the OAuth scopes an app uses. These limits include the following:
- A new user authorization rate limit that limits how quickly your application can get new users.
- A total new user cap. To learn more, see the Unverified apps page.
When an application exceeds the rate limit,
Error 403: rate_limit_exceededis displayed to users
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
