For stable and predictable API operation, it is important not only to scale, but also to control the number of requests. We implement a flexible rate limiting that allows you to set limits based on API keys, user IDs or IP addresses. This protects the system from abuse, overload and makes it possible to guarantee SLA to each client.
How rate limiting works
| Approach | What controls |
|---|---|
| By API key | Limit on the number of requests from one integrator or application |
| By User ID | Individual limit per user (e.g. mobile app) |
| By IP Address | IP Spam or DDoS Protection |
| By endpoint/method | Ability to limit sensitive methods (e.g. search, write) |
Settings and functions
Limit support: RPS, RPM, RPH (requests per second/minute/hour)
Sliding window, fixed window, token bucket and leaky bucket algorithms- 429 Code Return and Custom Error Message
- Auto Timer Unlock
- Metrics: number of exceedances, tokens on the edge of the limit, reset frequency
Business benefits
Protection against overloads and DoS attacks- Lower infrastructure costs
- Quality control of customer integrations
- Identification of abnormal activity and possible vulnerabilities
- Ability to allocate VIP users with separate limits
Where especially important
API for financial transactions- Gaming platforms with frequent user activity
- E-commerce services with high filtering and search rates
- Public APIs and open platform solutions
Rate limiting is the control, safety and quality of the API. We implement point constraints that protect the infrastructure and ensure predictable operation under any load.
Popular Topics
Main Topics
Contact Us
Fill out the form below and we’ll get back to you soon.