Stay organized with collections
Save and categorize content based on your preferences.
Quotas and limits
The following auth operations have limitations on the frequency you can perform
them. Contact
Google Cloud a few weeks in advance
to discuss special use cases.
Daily Instrumentless Usage Limits
The following limits are daily usage limits for users of
Identity Platform without a billing instrument, which is
based on the no-cost Spark pricing plan.
These usage limits correspond directly to
Google Cloud Pricing Tiers.
Usage
Instrumentless Limit
Tier 1 Daily Active Users
3000 per day
Tier 2 Daily Active Users
2 per day
Account creation and deletion limits
Operation
Limit
New account creation
100 accounts/hour for each IP address
Account deletion
10 accounts/second
Batch account deletion
1 request/second
Account configuration updates
10 requests/second
Account limits
Account type
Limit
Anonymous user accounts
100 million
Registered user accounts
Unlimited
Tenants per project
Billing model
Limit
Instrumentless
2 tenants/project
Billing instrument
Unlimited
Providers per project or tenant
There is no limit on the number of identity providers allowed per project or
tenant.
Email sending limits
The quotas listed in this section scale with the number of users.
Operation
Instrumentless
With billing instrument
Address verification emails
1000 emails/day
100,000 emails/day
Address change emails
1000 emails/day
10,000 emails/day
Password reset emails
150 emails/day
10,000 emails/day
Email link sign-in emails
5 emails/day
25,000 emails/day
Email link generation limits
The quotas listed in this section scale with the number of users.
Operation
Instrumentless
With billing instrument
Address verification links
10,000 links/day
1,000,000 links/day
Password reset links
1500 links/day
100,000 links/day
Sign-in links
20,000 links/day
250,000 links/day
Phone number sign-in limits
Operation
Limit
User sign-ins
1600/minute, as well as the pricing and limits specified on the
Pricing page
Verification code SMS messages
Instrumentless: 10 sent SMS/day
Billing instrument: No SMS/day limit
Verification requests
150 requests/IP address/hour
Verification SMS sending limits
Operation
Limit
Verification SMS sent.
1,000 sent/minute
Verification SMS sent per IP address
50 sent/minute, 500 sent/hour
Additionally, there is a limit on the number of verification SMS messages a project
can send to a single phone number within a set amount of time. You can test with fictional numbers or
across multiple devices to ensure a project does not exceed these limits.
Additionally, you can track verification codes sent per phone number if you've enabled
Activity Logging on your project.
SMS MFA limits
Operation
Limit
Start MFA enrollment per project and IP address
50 requests/minute, 500 requests/hour
Finalize MFA enrollment per project and IP address
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eIdentity Platform has usage limits for various operations, which vary depending on whether a billing instrument is attached.\u003c/p\u003e\n"],["\u003cp\u003eDaily active user limits are 3000 per day for Tier 1 and 2 per day for Tier 2 without a billing instrument.\u003c/p\u003e\n"],["\u003cp\u003eAccount creation is limited to 100 accounts/hour per IP address, while account deletion is limited to 10 accounts/second.\u003c/p\u003e\n"],["\u003cp\u003eEmail sending and link generation limits range from a few emails/day to tens of thousands, based on the type of email and whether or not a billing instrument is connected.\u003c/p\u003e\n"],["\u003cp\u003ePhone number sign-in and verification SMS message limits are in place, including rates per minute, per hour, per IP address, and per phone number, with some differences for instrumentless accounts versus those with billing instruments.\u003c/p\u003e\n"]]],[],null,["# Quotas and limits\n=================\n\nThe following auth operations have limitations on the frequency you can perform\nthem. Contact\n\nGoogle Cloud a few weeks in advance\nto discuss special use cases.\n| **Note:** Limitations apply per customer and can change without notice. Abuse protections may be enabled without warning on accounts that demonstrate suspicious traffic patterns.\n\nDaily Instrumentless Usage Limits\n---------------------------------\n\nThe following limits are daily usage limits for users of\n\nIdentity Platform without a billing instrument, which is\nbased on the no-cost [Spark pricing plan](https://firebase.google.com/docs/projects/billing/firebase-pricing-plans#spark-pricing-plan).\nThese usage limits correspond directly to\n[Google Cloud Pricing Tiers](https://cloud.google.com/identity-platform/pricing).\n\nAccount creation and deletion limits\n------------------------------------\n\nAccount limits\n--------------\n\nTenants per project\n-------------------\n\nProviders per project or tenant\n-------------------------------\n\nThere is no limit on the number of identity providers allowed per project or\ntenant.\n\nEmail sending limits\n--------------------\n\nThe quotas listed in this section scale with the number of users.\n\n| **Note:** The limits for email link sign-in emails were recently changed. Please add a billing instrument to go beyond 5 email link sign-in emails.\n\nEmail link generation limits\n----------------------------\n\nThe quotas listed in this section scale with the number of users.\n\nPhone number sign-in limits\n---------------------------\n\nVerification SMS sending limits\n-------------------------------\n\nAdditionally, there is a limit on the number of verification SMS messages a project\ncan send to a single phone number within a set amount of time. You can test with [fictional numbers](https://firebase.google.com/docs/auth/android/phone-auth#test-with-fictional-phone-numbers) or\nacross multiple devices to ensure a project does not exceed these limits.\n\nAdditionally, you can track verification codes sent per phone number if you've enabled\n[Activity Logging](/identity-platform/docs/activity-logging) on your project.\n\nSMS MFA limits\n--------------\n\nIdentity Toolkit API limits\n---------------------------\n\n\\* Admin-only operations.\n\nThe `fetchProvidersForEmail()` and [`fetchSignInMethodsForEmail(email)`](https://firebase.google.com/docs/reference/js/auth.md#fetchsigninmethodsforemail) methods leverage the `createAuthURI` endpoint.\n\nToken Service API limits\n------------------------"]]
