Rate Limiting Guide

Configure API rate limits to prevent abuse, enforce fair usage, and maintain system stability.

Understanding Rate Limiting

Rate limiting prevents abuse while optimizing API availability for all users. Orbital7 provides enterprise-grade rate limiting policies that you can customize to protect your endpoints.

Key Concepts

Window-based

Requests are counted within a configurable time window (e.g., 100 requests per 5 minutes).

IP Address Limiting

Throttle requests per unique client IP with flexible rate rules and dynamic windows.

Custom Policies

Create custom rules with different limits for different API paths or user groups.

Configuration Options


api-rate-limits:
  # Global default rules
  default:
    limit: 100
    window: 60s

  # Path-specific configuration
  paths:
    "/api/v1/payments":
      limit: 30
      window: 15s
      penalty: 60s

1. Set limits in config.yaml.
2. Use POST /api/rate-limits to manage dynamic rules.
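To make the settings above concrete, here is an added example (not Orbital7's own code) of a fixed-window limiter that applies the same rules per client IP. `FixedWindowLimiter`, exact path matching, and the reading of `penalty` as a block period that starts when the limit is exceeded are assumptions, since the page does not define them.

```python
import time

# Mirrors the api-rate-limits block above, with windows converted to seconds.
RULES = {
    "default": {"limit": 100, "window": 60},
    "paths": {"/api/v1/payments": {"limit": 30, "window": 15, "penalty": 60}},
}


class FixedWindowLimiter:
    """Counts requests per (client IP, rule) in fixed time windows."""

    def __init__(self, rules, clock=time.monotonic):
        self.rules = rules
        self.clock = clock          # injectable so behaviour can be tested
        self.windows = {}           # key -> (window_start, count)
        self.blocked_until = {}     # key -> time the penalty ends

    def _rule_for(self, path):
        # Assumption: exact path match, anything else uses the default rule.
        if path in self.rules["paths"]:
            return path, self.rules["paths"][path]
        return "default", self.rules["default"]

    def allow(self, client_ip, path):
        """Return (allowed, retry_after_seconds)."""
        now = self.clock()
        rule_name, rule = self._rule_for(path)
        key = (client_ip, rule_name)

        # Assumption: a penalty rejects every request until it expires.
        until = self.blocked_until.get(key, 0)
        if now < until:
            return False, until - now

        start, count = self.windows.get(key, (now, 0))
        if now - start >= rule["window"]:
            start, count = now, 0   # previous window expired, start a new one

        if count >= rule["limit"]:
            penalty = rule.get("penalty", 0)
            if penalty:
                self.blocked_until[key] = now + penalty
                return False, penalty
            return False, rule["window"] - (now - start)

        self.windows[key] = (start, count + 1)
        return True, 0
```

The second return value is the number of seconds a rejected client should wait, which a caller can surface in a `Retry-After` header on a 429 response.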

Best Practices
