Generated from endpoint-bucket-mapping.csv
This document shows which API endpoints are grouped into which rate limit buckets.
What are buckets?
- Buckets group related endpoints that share the same rate limits
- Bucket names follow the pattern: {service}-{type}-{priority}
- Service: kratos, hydra, keto, or polis
- Type: admin (management APIs) or public (end-user APIs)
- Priority: low, medium, or high (based on expected load and criticality)
How to use this document: 1. Find your service section (Kratos, Hydra, Keto, or Polis) 2. Look up the bucket to see which endpoints it contains 3. Click the tier links [D/P/G/E] next to each bucket to see its rate limit thresholds
Tier abbreviations: - D = Develop tier - P = Production tier - G = Growth tier - E = Enterprise tier
| Bucket | Endpoints |
|---|---|
kratos-admin-low [D] [P] [G] [E] |
/admin/identities/{id} - GET /admin/sessions/{id} - GET |
kratos-admin-medium [D] [P] [G] [E] |
/admin/courier/messages/{id} - GET /admin/identities - GET /admin/identities/by/external/{externalID} - GET /admin/identities/{id}/sessions - GET /admin/sessions - GET /schemas - GET /schemas/{id} - GET /scim/{client}/v2/Groups - GET /scim/{client}/v2/Groups/{id} - GET /scim/{client}/v2/Schemas - GET /scim/{client}/v2/Schemas/{id} - GET /scim/{client}/v2/ServiceProviderConfig - GET /scim/{client}/v2/Users - GET /scim/{client}/v2/Users/{id} - GET |
kratos-admin-high [D] [P] [G] [E] |
/admin/courier/messages - GET /admin/identities - PATCH /admin/identities - POST /admin/identities/{id} - DELETE /admin/identities/{id} - PATCH /admin/identities/{id} - PUT /admin/identities/{id}/credentials/{type} - DELETE /admin/identities/{id}/sessions - DELETE /admin/recovery/code - POST /admin/recovery/link - POST /admin/sessions/{id} - DELETE /admin/sessions/{id}/extend - PATCH /scim/{client}/v2/Groups - POST /scim/{client}/v2/Groups/{id} - DELETE /scim/{client}/v2/Groups/{id} - PATCH /scim/{client}/v2/Groups/{id} - PUT /scim/{client}/v2/Users - POST /scim/{client}/v2/Users/{id} - DELETE /scim/{client}/v2/Users/{id} - PATCH /scim/{client}/v2/Users/{id} - PUT |
kratos-public-low [D] [P] [G] [E] |
/self-service/errors - GET /self-service/fed-cm/parameters - GET /self-service/login - GET /self-service/login/flows - GET /self-service/logout - GET /self-service/methods/oidc/callback - GET /self-service/recovery - GET /self-service/recovery/flows - GET /self-service/registration - GET /self-service/registration/flows - GET /self-service/settings - GET /self-service/settings/flows - GET /self-service/verification - GET /self-service/verification/flows - GET /sessions/whoami - GET |
kratos-public-medium [D] [P] [G] [E] |
/self-service/login/api - GET /self-service/login/browser - GET /self-service/login/browser - POST /self-service/logout/api - DELETE /self-service/logout/browser - GET /self-service/methods/oidc/callback/{provider_id} - GET /self-service/methods/oidc/organizations/{organization_id} - GET /self-service/methods/saml/callback/{provider_id} - GET /self-service/methods/saml/organizations/{organization_id} - GET /self-service/recovery/api - GET /self-service/recovery/browser - GET /self-service/registration/api - GET /self-service/registration/browser - GET /self-service/settings/api - GET /self-service/settings/browser - GET /self-service/verification/api - GET /self-service/verification/browser - GET /sessions - GET /sessions/token-exchange - GET |
kratos-public-high [D] [P] [G] [E] |
/self-service/fed-cm/token - POST /self-service/login - POST /self-service/recovery - POST /self-service/registration - POST /self-service/settings - POST /self-service/verification - POST /sessions - DELETE /sessions/{id} - DELETE |
| Bucket | Endpoints |
|---|---|
hydra-admin-low [D] [P] [G] [E] |
/admin/clients/{id} - GET /admin/oauth2/auth/requests/consent - GET /admin/oauth2/auth/requests/consent/accept - PUT /admin/oauth2/auth/requests/consent/reject - PUT /admin/oauth2/auth/requests/device/accept - PUT /admin/oauth2/auth/requests/login - GET /admin/oauth2/auth/requests/login/accept - PUT /admin/oauth2/auth/requests/login/reject - PUT /admin/oauth2/auth/requests/logout - GET /admin/oauth2/auth/requests/logout/accept - PUT /admin/oauth2/auth/requests/logout/reject - PUT /admin/oauth2/auth/sessions/consent - GET /admin/oauth2/introspect - POST /oauth2/device/verify - GET /oauth2/register/{id} - GET |
hydra-admin-medium [D] [P] [G] [E] |
/admin/clients - GET /admin/keys/{set} - GET /admin/keys/{set}/{kid} - GET /admin/trust/grants/jwt-bearer/issuers - GET /admin/trust/grants/jwt-bearer/issuers/{id} - GET /credentials - POST |
hydra-admin-high [D] [P] [G] [E] |
/admin/clients - POST /admin/clients/{id} - DELETE /admin/clients/{id} - PATCH /admin/clients/{id} - PUT /admin/clients/{id}/lifespans - PUT /admin/keys/{set} - DELETE /admin/keys/{set} - POST /admin/keys/{set} - PUT /admin/keys/{set}/{kid} - DELETE /admin/keys/{set}/{kid} - PUT /admin/oauth2/auth/sessions/consent - DELETE /admin/oauth2/auth/sessions/login - DELETE /admin/oauth2/tokens - DELETE /admin/trust/grants/jwt-bearer/issuers - POST /admin/trust/grants/jwt-bearer/issuers/{id} - DELETE |
hydra-public-low [D] [P] [G] [E] |
/.well-known/jwks.json - GET /.well-known/openid-configuration - GET /.well-known/ory/webauthn.js - GET /oauth2/consent - GET /oauth2/device/auth - POST /oauth2/fallbacks/logout/callback - GET |
hydra-public-medium [D] [P] [G] [E] |
/oauth2/auth - GET /oauth2/auth - POST /oauth2/revoke - POST /oauth2/sessions/logout - GET /oauth2/sessions/logout - POST /oauth2/token - POST /userinfo - GET |
hydra-public-high [D] [P] [G] [E] |
/oauth2/register - POST /oauth2/register/{id} - DELETE /oauth2/register/{id} - PUT |
| Bucket | Endpoints |
|---|---|
keto-admin-medium [D] [P] [G] [E] |
/opl/syntax/check - POST /relation-tuples - GET /relation-tuples/expand - GET |
keto-admin-high [D] [P] [G] [E] |
/admin/relation-tuples - DELETE /admin/relation-tuples - PATCH /admin/relation-tuples - PUT /namespaces - GET /ory.keto.relation_tuples.v1alpha2.WriteService/TransactRelationTuples - POST |
keto-public-low [D] [P] [G] [E] |
/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck - POST /ory.keto.relation_tuples.v1alpha2.CheckService/Check - POST /relation-tuples/batch/check - POST /relation-tuples/check - GET /relation-tuples/check - POST /relation-tuples/check/openapi - GET /relation-tuples/check/openapi - POST |