Configuring Rate Limiting on Your Account

February 15, 2026

How Rate Limiting Works

Boottify applies rate limiting across all 23 authentication API routes to protect your account from brute-force attacks and abuse. The system uses a 5-tier approach based on endpoint sensitivity.

Rate Limiting Tiers

Tier     | Limit       | Window     | Applies To
Critical | 3 requests  | 15 minutes | Password reset, 2FA verification
Strict   | 5 requests  | 15 minutes | Sign-in, sign-up
Auth     | 10 requests | 15 minutes | OAuth callbacks, session validation
Standard | 30 requests | 1 minute   | Profile updates, settings changes
Relaxed  | 60 requests | 1 minute   | Read-only endpoints, status checks

What Happens When You Hit a Limit

When a rate limit is exceeded, the API returns a 429 Too Many Requests response with a Retry-After header indicating how many seconds to wait before retrying.

Best Practices

  • Implement exponential backoff in your API integrations
  • Cache authentication tokens instead of re-authenticating on every request
  • Use webhook callbacks instead of polling for status updates
  • Contact support if you need higher limits for legitimate use cases
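
The following is an added example, not Boottify's own code: a client-side retry loop that combines exponential backoff with the Retry-After value returned on a 429, and stops retrying when the server asks for a longer wait than the caller will tolerate. The function names, the send() callable, and the max_wait parameter are assumptions made for illustration; the sample responses are constructed.

```python
import random
import time


def parse_retry_after(headers):
    """Return Retry-After as seconds, or None when absent or not a number."""
    value = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    try:
        seconds = float(value)
    except (TypeError, ValueError):
        return None
    return seconds if seconds >= 0 else None


def call_with_backoff(send, max_attempts=5, base=1.0, max_wait=60.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 response or retries run out.

    send() returns (status, headers, body). Returns (last_response, delays).
    """
    if max_attempts < 1:
        raise ValueError("max_attempts must be at least 1")
    delays = []
    for attempt in range(max_attempts):
        response = send()
        status, headers, _body = response
        if status != 429 or attempt == max_attempts - 1:
            return response, delays
        # Exponential backoff with jitter so parallel clients do not retry in step.
        backoff = min(max_wait, base * 2 ** attempt) * (0.5 + rng() / 2)
        server_wait = parse_retry_after(headers)
        # Never retry sooner than the server asked.
        delay = backoff if server_wait is None else max(backoff, server_wait)
        if delay > max_wait:
            # Waiting this long is the caller's decision; surface the 429 instead.
            return response, delays
        sleep(delay)
        delays.append(delay)


def demo():
    # Constructed responses: two throttled replies, then success.
    replies = iter([(429, {"Retry-After": "3"}, ""),
                    (429, {}, ""),
                    (200, {}, "ok")])
    return call_with_backoff(lambda: next(replies), sleep=lambda s: None,
                             rng=lambda: 1.0)
```

With the 15-minute windows on the Critical, Strict and Auth tiers, a Retry-After value can exceed max_wait; in that case the loop returns the 429 to the caller rather than retrying early.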
