diff --git a/components/server/src/auth/rate-limiter.ts b/components/server/src/auth/rate-limiter.ts
index d387ac55d2792d..1d46ec0b5b62e7 100644
--- a/components/server/src/auth/rate-limiter.ts
+++ b/components/server/src/auth/rate-limiter.ts
@@ -14,7 +14,7 @@ type GitpodServerMethodType =
 | keyof Omit
 | typeof accessCodeSyncStorage
 | typeof accessHeadlessLogs;
-type GroupKey = "default" | "startWorkspace" | "createWorkspace" | "phoneVerification" | "sendHeartBeat";
+type GroupKey = "default" | "startWorkspace" | "createWorkspace" | "phoneVerification" | "sendHeartBeat" | "getToken";
 type GroupsConfig = {
 [key: string]: {
 points: number;
@@ -57,7 +57,7 @@ const defaultFunctions: FunctionsConfig = {
 deleteOrgAuthProvider: { group: "default", points: 1 },
 getConfiguration: { group: "default", points: 1 },
 getGitpodTokenScopes: { group: "default", points: 1 },
- getToken: { group: "default", points: 1 },
+ getToken: { group: "getToken", points: 1 },
 deleteAccount: { group: "default", points: 1 },
 getClientRegion: { group: "default", points: 1 },
 getWorkspaces: { group: "default", points: 1 },
@@ -207,6 +207,10 @@ function getConfig(config: RateLimiterConfig): RateLimiterConfig {
 points: 200, // 200 calls per user, per connection, per minute
 durationsSec: 60,
 },
+ getToken: {
+ points: 200, // 200 calls per user, per connection, per minute
+ durationsSec: 60,
+ },
 startWorkspace: {
 points: 3, // 3 workspace starts per user per 10s
 durationsSec: 10,
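Review bot: In the `defaultFunctions` hunk, moving `getToken` into its own group means its calls no longer draw on the `default` budget, so the combined per-connection allowance goes up rather than down, and nothing in the change records why. If `getToken` hands out provider credentials (inferred from the name only), the intent of the dedicated bucket deserves a comment on that line, for example `// own bucket: token fetches are limited independently of default-group traffic`. The `defaultFunctions` literal starts and ends outside the hunk.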
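Review bot: The new `getToken` group in the `getConfig` hunk copies the default limit of 200 points per 60 s together with its comment, so the dedicated bucket sets no tighter bound on token retrieval than the shared one did. If bounding that call is the goal, the limit should come from observed client usage and the comment should say so, for example `points: 200, // same as default for now; separate bucket so getToken can be tuned on its own`. `GroupsConfig` is keyed by `string` (first hunk), so the compiler does not check that every `GroupKey` has an entry here. Whether a caller-supplied `config.groups` is merged with these defaults or replaces them is not visible, so an existing override without a `getToken` entry should be checked. `getConfig`'s body starts and ends outside the hunk.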