LastPass · Rate Limits
LastPass throttles abusive Enterprise API traffic and protects authentication endpoints with adaptive rate limiting (failed-login backoff, CAPTCHA, account lockout). Per-second numeric ceilings for the Enterprise API are not exhaustively published; LastPass guidance is to batch user-management commands (batchadd, batchchange) instead of making single-user calls, and to use the SCIM endpoint for ongoing directory sync. Reconciliation against a published numeric ceiling is pending; confirm with LastPass support for high-volume integrations.
3 Limits
Throttle: 429
Tags: Security, Password Manager, Vault, Identity, Enterprise, Rate Limiting, Throttling
Limits
Enterprise API Throttle (scope: customer; limit: dynamic)
Dynamic throttle applied per enterprise customer (cid). The numeric ceiling is not published; sustained excessive request volume can trigger a temporary block.
Authentication Endpoint Throttle (scope: account; limit: adaptive)
Failed authentication is met with progressive backoff, CAPTCHA, and eventual lockout. Applies to user logins, not the Enterprise API itself.
SCIM Provisioning (scope: tenant; limit: dynamic)
The SCIM endpoint applies its own dynamic throttle suited to directory-sync patterns from Okta, Entra ID, and Google Workspace.
Policies
429 Throttling
The Enterprise API returns HTTP 429 or a generic error on excessive throughput. Clients should back off before retrying.
Batch Operations
Use batchadd, batchchange, and other batch commands rather than per-user calls to reduce request volume.
Prefer SCIM For Directory Sync
Use the SCIM 2.0 endpoint for ongoing directory provisioning; it is built for sustained sync patterns and integrates natively with major identity providers.
Backoff Strategy
Implement exponential backoff with jitter on 429/5xx responses; cache reporting results where the underlying data is not changing rapidly.
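The batching and backoff policies above combined in one client loop, as an added example that is not LastPass code. The `send` callable is a hypothetical transport that returns the HTTP status; `provision`, the batch size of 100 and the 1 s base / 60 s cap are assumptions, not published LastPass values.

```python
import random
import time

RETRYABLE = {429} | set(range(500, 600))  # the page's retry set: 429 and 5xx


class GiveUp(Exception):
    """A batch failed non-retryably, or was still failing after every retry."""


def backoff_delays(attempts=5, base=1.0, cap=60.0, rng=random.random):
    """Full jitter: the nth delay is uniform in [0, min(cap, base * 2**n))."""
    for n in range(attempts):
        yield rng() * min(cap, base * 2 ** n)


def chunked(items, size):
    """Split the user list so one request carries many users."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def provision(users, send, batch_size=100, sleep=time.sleep, **backoff):
    """Send users in batches, retrying a throttled batch with jittered backoff.

    `send(batch)` is a hypothetical transport returning the HTTP status code.
    Returns the total number of requests made, retries included.
    """
    requests = 0
    for batch in chunked(users, batch_size):
        delays = backoff_delays(**backoff)  # fresh retry budget per batch
        while True:
            requests += 1
            status = send(batch)
            if 200 <= status < 300:
                break
            if status not in RETRYABLE:
                raise GiveUp(f"non-retryable status {status}")
            delay = next(delays, None)
            if delay is None:
                raise GiveUp(f"status {status} persisted after all retries")
            sleep(delay)
    return requests


if __name__ == "__main__":
    # Constructed demo: a fake transport that throttles the first two calls.
    replies = iter([429, 503, 200, 200, 200])
    users = [f"user{i}@example.com" for i in range(250)]
    print(provision(users, lambda batch: next(replies), sleep=lambda s: None))
```

With 250 users this makes three successful batch requests instead of 250 per-user calls, and the jitter keeps several throttled clients from retrying at the same instant.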