Rate limiting
Strivacity implements rate limiting across all of its APIs, on a per instance basis. Each API path has its own independent quota, meaning the limits for one path do not affect the usage of another. Rate limits may vary depending on the type of API that is being used.
In general, APIs will respond with HTTP 429 Too Many Requests when the rate limit has been reached.
If the rate limit is being reached, brands should stop using the API until the rate limit period has expired.
Our default rate limiting should facilitate approximately:
-
144,000 registrations over a 24-hour period
-
144,000 logins over a 24-hour period
If a higher rate limit is required, contact us at [email protected].
Rate limits
Strivacity implements the following limits for production instances of Strivacity.
The rate-limiting quotas are applied independently to each API path listed in the table.
| Name | Path | Instance Limit per Second | Instance Limit per Minute | Single IP Limit per Second | Single IP Limit per Minute |
|---|---|---|---|---|---|
| Administrative APIs | /admin/api/v1/... | 50 | 500 | 10 | 100 |
| Authentication APIs | /login/... /provider/... /.well-known/... /oauth2/... /userinfo/... | 300 | 10000 | 10 | 100 |
| /login/api/v2/forgottenPasswordEmail /login/api/v2/forgottenPasswordPhone /login/api/v2/registration | 300 | 10000 | 5 | 50 | |
| /login/api/v2/mfaMethod | 300 | 10000 | N/A | 10 | |
| /login/api/v2/forgottenUsername /login/api/v2/sendAccountActivation | 300 | 10000 | N/A | 1 | |
| Miscellaneous Landings (Errors, Magic Link, etc.) | /landing | 300 | 10000 | 10 | 100 |
| Self Service APIs | /myaccount/... /go/... | 300 | 10000 | 5 | 50 |
Updated 5 months ago