Rate limiting
Overview
Strivacity implements rate limiting across all of its APIs, on a per instance basis. Rate limits may vary depending on the type of API that is being used.
In general, APIs will respond with HTTP 429 Too Many Requests when the rate limit has been reached.
If the rate limit is being reached then brands should back off on their use of the API until the rate limit period has expired.
Our default rate limiting should facilitate approximately:
1) 144,000 registrations over a 24 hour period
2) 144,000 logins over a 24 hour period
3) 86 million anonymous visitors and consents over a 24 hour period.
If a higher rate limit is required then contact us at [email protected]
Rate Limits
Strivacity implements the following limits for production instances of Strivacity.
Name | Path | Instance Limit per Second | Instance Limit per Minute | Single IP Limit per Second | Single IP Limit per Minute |
---|---|---|---|---|---|
Administrative APIs | /admin/api/v1 | 50 | 500 | 10 | 100 |
Anonymous Visitor API | /api/v1/identities | 1000 | 10 | ||
Authentication APIs | /login/... | 300 | 10000 | 10 | 100 |
/m | 300 | 10000 | 5 | 50 | |
/login/api/v2/mfaMethod | 300 | 10000 | N/A | 10 | |
/login/api/v2/forgottenUsername | 300 | 10000 | N/A | 1 | |
Miscellaneous Landings (Errors, Magic Link, etc.) | /landing | 300 | 10000 | 10 | 100 |
Self Service APIs | /myaccount/... | 300 | 10000 | 5 | 50 |
Updated 6 months ago