I've read the docs about Firebase Auth Limits in https://firebase.google.com/docs/auth/limits. It states that there is a limit of 1000 requests/second per project. There is no example or any explanation about what those API Limits are. What kind of actions are counted in the API Limit? Does verifyIdToken() and createUser() in Admin SDK count as an API Request?
I am also aware that there is a duplicate question here but it hasn't been answered well.
I've asked Firebase Support about the API Limits and got the following response:
The API’s quota applies depending on the Firebase API you want to use. In this case the API quota applies to the use of the Firebase Auth REST API. Using it, you can query the Firebase Auth backend through a REST API. Also, it can be used for various operations such as creating new users, signing in existing ones and editing or deleting these users.
To create, and refresh a token the quota will apply, if you use the REST API to do the operations. However, even if you don’t use the REST API there are other internal quotas associated with the refreshing of the token. In order to avoid refreshing the token so many times, set forceRefresh to false to minimize unneeded token refreshes when a valid token may still be cached.
I've also asked about the internal quota when refreshing the token using the official sdk and got this reponse:
Unfortunately, some quotas are internal, and confidential information. For this reason, I am not able to share it with you. However, if you receive quota errors you can contact us
The rate limit includes both the Client and Admin SDK:
The API limits encapsulates every request that comes from the API. This includes various operations such as creating new users, signing in existing ones, and editing or deleting users. The limits apply to requests coming from both the Client and Admin SDK. This means that Firebase allows you to have 1000 simultaneous requests/second (both from Client and Admin SDK) in a project. ~ Firebase Support
