The Authentication endpoint has a rate limit of 150 requests per minute for Access Tokens; If this rate limit is exceeded, further requests are only accepted at a rate of 1 request per second, for the next 60 seconds. After 60 seconds, the rate limit is once again reset to its default value of 150 requests per minute.

NOTE: This is an upgrade from the v1 rate limit of 60 requests per minute


The Authentication endpoint accepts the Client ID and Secret (found in your API Credentials page) as an input and generates a bearer token. The bearer token generated is specific to the Client ID and secret used and remains the same i.e. stable, for a period of 24 hours.

The bearer token can then be used to access any Personnel Data endpoint (i.e. all endpoints except Auth and Recruiting) but please note that the bearer token will have a 'papi-' prefix. This bearer token can be used for an indefinite number of calls in the 24 hour period, after its initial creation and can also be used for parallel API calls to multiple Personio API endpoints, simultaneously.