Skip to main content

Documentation

Request Rate Limits

Velocity checks.

The enforcement of request rate limits is a critical aspect of Rapyd's security infrastructure.

The rate limits proactively protect against potential attacks like DDoS (Distributed Denial of Service), and ensure the stable operation of Rapyd's services.

Rate limits are implemented through a robust Web Application Firewall (WAF) solution. The WAF monitors and controls incoming HTTP requests to ensure compliance with defined thresholds. The thresholds apply to both production and sandbox environments.

The limits are as follows:

  • 200 API requests per minute.

    When the rate is exceeded, additional requests are blocked until the end of the minute.

  • 1000 API requests per five-minute period.

    When the rate is exceeded, additional requests are blocked for five minutes.

Violating the limits may trigger an error response with the 429 Too Many Requests status code.