To protect users and Google systems from abuse, applications that use OAuth and Google Identity have certain quota restrictions based on the risk level of the OAuth scopes an app uses. These limits include the following:
- A new user authorization rate limit that limits how quickly your application can get new users.
- A total new user cap. To learn more, see the Unverified apps page.
When an application exceeds the rate limit, Error 403: rate_limit_exceeded is displayed to users, like in the screenshot below:
Application developers
As a developer of an application, you can view the current user authorization grant rate (or token grant rate) in the Google API Console OAuth consent screen page before your application displays this error.
If you see that your application will reach the rate limit soon via the Google API Console or see this error being displayed, you should take action to improve your application’s user experience. You can request a rate limit quota increase for the application. Please expect a response in 5 business days.
OAuth rate limit quotas
|
Applicable apps |
Quota |
Appeal |
|
|---|---|---|---|
|
New user authorization rate limit |
Apps that request access to user data, including verified apps |
Dependent on application history, developer reputation, and riskiness |
To learn more about the total new user cap, see the Unverified apps page.