Effective Date: 4 February 2019
For Private Cloud customers, please see Private Cloud Load Testing Policy.
Auth0 recognizes that customers may occasionally need to perform load tests against its production cloud service. In order to ensure a successful test and maintain a high quality of service for all customers, Auth0 has established the following guidelines. Any load testing in Auth0 must be conducted in accordance with this Policy. Only customers who have purchased an Enterprise subscription may conduct load testing. Customers with an Enterprise subscription may request one load test (with up to 2 repeats) per year against an Auth0 production tenant. Performance and load testing are only allowed with Auth0’s prior written approval. Once approved, testing can only target tenants that we have approved.
Auth0 reserves the right to reject the load test request or ask for modifications. Failure to abide by this policy may result in temporary blocking of access to a tenant until the issue is remediated.

Acceptable testing windows

Public cloud customers must arrange to conduct their load tests during the following off-peak test windows:
  • prod-au: 9:00 - 17:00 UTC
  • prod-eu: 21:00 - 5:00 UTC
  • prod-us: 2:00 - 10:00 UTC
  • prod-jp: 14:00 - 22:00 UTC
In very exceptional circumstances, Auth0 may grant exceptions to this rule.

Change freeze policy

Load tests are not allowed during change freeze periods.
To view the currently scheduled change freeze periods, read Change Freeze Policy.

Holiday load testing policy

Updated: November 1, 2022 During the holiday season, load testing requests must meet the following requirements:
  • Be filed at least 2 weeks prior to the desired test date. Four (4) weeks or more of advance notice is preferred to ensure time for a thorough review and any required modifications.
  • Approved load tests are permitted only on Tuesdays, Wednesdays and Thursdays during off peak hours for the targeted environment.
  • If all RPS requests are determined to be safely within the RPS limits, the load test will be allowed, as long as it has been reviewed and approved by all product/platform teams owning the endpoints being tested.
    • Tests that fall outside the safe RPS will be rejected.
  • Only one load test per customer, per environment will be scheduled in a single day.
    • If there’s a need to run more than one test at a time, the request must be escalated and approved by a Platform Director or Vice President.

Submit load testing request

You can submit a load testing request through the Auth0 Support Center. Open a new ticket, select Product Support from the What can we help you with? dropdown field, and then provide all the information described below.
To be considered for approval, you must:
  • Submit your request at least 2 weeks prior to your desired test date.
  • Receive written approval before conducting any testing.
  • Stay within our published production rate limits.

Required load testing information

Your load testing request must include the following information.

General

  • A description of the test to be done
  • Contacts who will be available during the test and how to reach them
  • The requested date and time of the test, including time zone
  • The requested duration of the test (2 hours maximum)
  • The platforms to be used for the test (desktop/laptop, iOS, Android, other)

Tenant

  • The name and region of the Auth0 tenant to be used during the test

Features

  • The Auth0 features (such as Actions, Rules, or Email) used during the test
  • The types of Auth0 connections involved in the test
  • Which Custom DB, if any, will be used
  • Whether you are using a
  • Which Auth0 Rules or Actions, if any, will execute during the test
  • Which Auth0 Webtasks, if any, will be used
  • Whether verification, welcome or other emails will be sent

APIs

  • The Auth0 API methods and endpoints to be used (for example GET /api/v2/clients)
  • The maximum requests per second for each type of request or endpoint

Users

  • Number of unique users participating in the load test

Load estimates

  • The peak load, specified in requests-per-second, expected for each API endpoint or Auth0 feature involved in the test
  • An explanation/justification for the peak load numbers, including the size of the target user population and realistic estimates of logins per hour
  • The ramp-up rate for the test
  • Number of unique users participating in the load test

Test requirements

Load testing windows are subject to availability so advance notice is highly recommended. Once approved, load testing windows will have a scheduled start and end time not to exceed two (2) hours in duration. All testing must begin and end during this window. During the load test, configure your IPs to rotate so your test does not bump into IP-based rate limits. Auth0 strongly recommends including a brief “ramp-up” period to the desired load test target numbers. For example, a load test request of 100 RPS might be preceded by three five-minute periods: 5 minutes at 25 RPS, 5 minutes at 50 RPS, and 5 minutes at 75 RPS. This ramp-up period allows Auth0 and the customer to observe and compare effects at increasing RPS levels prior to peak RPS. If a ramp-up period is not possible, please indicate why.

Configure email provider

Before any testing, you must:
  • Configure your own email provider in Auth0
  • Receive approval from your email provider to send the expected volume of email
  • Make arrangements for bounced emails
  • Establish a mechanism for testing that emails arrived

Learn more