1Password · Rate Limits
1Password Rate Limits
Rate limits for 1Password developer APIs. The Events API publishes hard request ceilings (per-minute and per-hour). The Connect Server is self-hosted, so externally observed limits only apply to its initial fetch from the 1Password backend; otherwise it operates locally and caches results. SCIM Bridge and Service Accounts are subject to internal fair-use limits but no published numeric thresholds.
4 Limits
Throttle: 429
Quota: 429
Password ManagerPasswordsSecuritySecretsRate Limiting
Limits
Events API per-minute account
600
Applies across all Events API endpoints (sign-in attempts, item usage, audit events).
Events API per-hour account
30000
Hard ceiling per account regardless of plan.
Connect Server fair-use account
internal fair-use limits on initial secret fetch from 1Password
Self-hosted; subsequent requests are served from local cache. No published numeric ceiling.
SCIM Bridge fair-use account
internal fair-use limits, no public numeric threshold
Provisioning calls follow SCIM 2.0 patterns; bursts beyond fair use can be throttled.
Policies
Retry on 429
Treat 429 as throttling; back off and retry. 1Password does not document a Retry-After header for the Events API, so use exponential backoff with jitter.
Pagination
Use cursor-based pagination for Events API to keep request volumes inside the per-minute ceiling rather than fetching large batches in tight loops.
Caching for Connect Server
After first fetch, secrets are cached locally; re-requests do not consume the upstream rate budget. Long-running deployments benefit by minimizing cold starts.
Account-scoped enforcement
Limits are evaluated per 1Password account, not per token, so multiple integrations under one account share the same ceiling.