Rate limit by user or key

Rate limit by user or key

For stable and predictable API operation, it is important not only to scale, but to control the number of requests. We implement flexible limiting, which allows you to set limits based on API keys, user ID or IP addresses. This protects the system from abuse, congestion and makes it possible to guarantee SLAs to each client.

How rate limiting works

Approach	What controls
By API Key	Limit on the number of requests from one integrator or application
By User ID	Individual limit per user (for example, in a mobile application)
By IP Address	IP Anti-Spam or DDoS Protection
By endpoint/method	Ability to restrict sensitive methods (e.g. search, write)

Settings and Functions

⏱ Supports limits: RPS, RPM, RPH (requests per second/minute/hour)
Sliding window, fixed window, token bucket and leaky bucket algorithms
Code Return 429 and Custom Error Message
Automatic Timer Unlock
Metrics: number of times exceeded, tokens on the limit, reset rate

Business Advantage

Protection against overloads and DoS attacks
Lower infrastructure costs
Customer Integration Quality Control
Identify abnormal activity and possible vulnerabilities
Ability to allocate VIP users with individual limits

Where Especially Important

API for financial transactions
Gaming platforms with frequent user actions
E-commerce services with high filtering and search rates
Public APIs and open platform solutions

Rate limiting is the control, security and quality of the API. We implement point constraints that protect the infrastructure and ensure predictable operation under any load.