What counts as MAU
MAU (Monthly Active Users) in Lamba means unique users or devices with a successful session inside a rolling 30-day window for production traffic.
A successful session means authentication completed and an active session was issued (for example, an OIDC code exchange resulting in tokens).
Sandbox vs production
- Sandbox projects are for integration and validation work.
- Production projects are the boundary used for billing and limit enforcement.
Keep sandbox traffic separate from production so usage visibility stays accurate.
Soft limits vs hard limits
Lamba uses two enforcement behaviors:
- Soft limits: early warnings and guidance before you hit a boundary.
- Hard limits: protective enforcement to keep performance and latency predictable.
When a hard limit is exceeded, APIs can return HTTP 402 with a structured payload.
What 402 looks like
{
"error": "PLAN_LIMIT_EXCEEDED",
"limit": "mau",
"allowed": 5000,
"current": 5001,
"plan": "free",
"message": "Plan limit exceeded. Upgrade to continue."
}
Treat 402 as a business-state response, not a transient network error.
Messaging and usage boundaries
- Paid plans allow controlled overage for selected dimensions (for example MAU, campaign email).
- Free plan applies hard caps in production.
- Usage is visible before enforcement, so teams can upgrade or adjust traffic intentionally.
Best practices
- Review usage trends weekly during growth periods.
- Set internal warning thresholds below hard limits.
- Handle
402with explicit upgrade or downgrade UX in your app. - Keep pricing page copy and engineering-side enforcement semantics aligned.