Simultaneous OAuth login limitation for Web3Auth?

I had a demo with 20 people trying to login via web3auth simultaneously, many got rate limit responses (especially via email OTP) – is this only for the base (free) plan, or are there different limits for various plans? What are the levels of simultaneous new logins (first-time / account creation) for the different tiers?

I was really surprised by this limitation / bottleneck

using v10 pnp

Hi Charlie — thanks for the clear report, and sorry you hit that bottleneck during the demo. I’ve pulled the details you provided and added what the support team will want to know next.

Captured details

• SDK: MetaMask Embedded Wallets (Web3Auth)
• SDK version: v10 (pnp)
• Platform: (assumed web demo) — please confirm if this was a browser/web environment
• Issue: many simultaneous OAuth/login attempts (email OTP) hit rate limits during a 20-person demo

Short explanation and likely cause

• Web3Auth (the identity/OAuth layer Embedded uses) is the component that enforces rate limits for login flows (especially email OTP/passwordless). Those limits are typically stricter on community/free tiers and vary by social provider and plan. MetaMask Embedded itself does not impose those OTP rate limits — they come from Web3Auth or the underlying email provider.

Immediate mitigation suggestions

• Use social/OAuth providers (Google/Apple) for demos instead of email OTP — they usually scale better for simultaneous logins.
• Stagger or queue login attempts rather than firing all at once.
• Pre-create/demo accounts or invite participants ahead of time so they don’t need first-time account creation during the demo.
• Ask Web3Auth about upgrading to a paid/enterprise plan or increasing OTP/email quotas for your org.

What will help the support team investigate (please share if you want a deeper look)

• Code initialization + login snippets (how you configured Web3Auth inside Embedded)
• Browser console logs or screenshots showing the rate-limit errors and timestamps
• Confirm whether attempts were creating new accounts vs returning users, and whether the failures were only for email OTP or other providers too
• Approx timestamps and the region of your test (rate limits sometimes depend on email provider region)

Useful links

• Web3Auth docs / support (for plan/limits and enterprise options): Introduction | Documentation | Web3Auth
• MetaMask dev docs / Builder Hub for Embedded Wallets: https://docs.metamask.io and https://builder.metamask.io

If you’d like, paste your init/login snippet and one console error screenshot here and I’ll attach it to the ticket and highlight potential config tweaks. If you prefer to contact Web3Auth directly for quota/plan details I can point you to the right contact path.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. MetaMask Developer Office Hours

I don’t think we have such a bottleneck placed on our side. We use sendgrid as our provider. Can you please try logging in the same way on demo.web3auth.io ?
If it repeats there, can you share the jam.dev recording for us to dig further into this?