Elevated API Errors

Summary

On October 10, 2025, error rates increased across AuthKit and SSO API endpoints. At peak, 28% of AuthKit authentication API requests failed. For customers using AuthKit Sessions, failure rates peaked at 55%. SSO endpoints experienced 0.18% failure rates.

During the incident, end users may have experienced errors when attempting to complete authentication flows, and authenticated sessions may have ended prematurely.

What Happened

WorkOS has historically relied on a third-party vendor to manage data encryption of application secrets, such as client key pairs. We are now in the process of migrating from this third-party vendor to our own product, WorkOS Vault.

On October 10, we began a migration of client key pairs to Vault, causing a dramatic increase in traffic to Vault's public API. This increase triggered one of our public API rate limits, resulting in throttled requests to Vault.

API requests depending on data encryption — primarily authentication-related requests — subsequently resulted in intermittent errors.

Timeline

‌

Remediation

Once identified, we modified rate limit rules to account for the expected increase in internal API traffic.

Shortly after the incident, we added improved alerting at the network edge to decrease time to detection.

In addition, we are prioritizing the following work:

• Implementing more fine-grained controls for data migrations to allow for incremental rollouts
• Re-routing internal API requests through internal paths

Conclusion

We recognize and apologize for the significant impact this incident had on you and your customers. We're committed to implementing lasting improvements to ensure greater stability going forward.