Rate Limiting

Overview

Strivacity implements rate limiting across all of its APIs, on a per instance basis. Rate limits may vary depending on the type of API that is being used.
In general, APIs will respond with HTTP 429 Too Many Requests when the rate limit has been reached.
If the rate limit is being reached then brands should back off on their use of the API until the rate limit period has expired.
Our default rate limiting should facilitate approximately:
1) 144,000 registrations over a 24 hour period
2) 144,000 logins over a 24 hour period
3) 86 million anonymous visitors and consents over a 24 hour period.
If a higher rate limit is required then contact us at [email protected]

Rate Limits

Strivacity implements the following limits for production instances of Fusion.
Name
Path
Instance Limit per Second
Instance Limit per Minute
Single IP Limit per Second
Single IP Limit per Minute
Administrative APIs
/admin/api/v1
50
500
10
100
Anonymous Visitor API
/api/v1/identities
10000
10
Authentication APIs
/login/api/v1
300
10000
10
100
/login/api/v1/mfaMethod
300
10000
10
10
/login/api/v1/forgottenUsername
300
10000
1
1
Miscellaneous Landings (Errors, Magic Link, etc.)
/landing
300
10000
10
10
Password Reset APIs
/passwordreset/api/v1
300
10000
5
50
Registration APIs
/registration/api/v1
300
10000
5
50
Self Service APIs
/selfservice/api/v1
300
10000
5
50
Last modified 7d ago
Export as PDF
Copy link