Rate Limits V9
This page defines the default rate limits for the backend services. The limits are separated by context to offer granular control over limits within the application area.
Rate Limiting Configuration
Global Behaviour
- Rejected requests return HTTP 429 (Too Many Requests).
- Response trailer includes:
error_detail: too many requests
- Queue processing order for all policies:
- OldestFirst
Built-in Rate Limiter Policies
| Policy Name | Type | Configuration |
|---|---|---|
| fixed | Fixed Window | PermitLimit=100, Window=20s, QueueLimit=50 |
| sliding | Sliding Window | PermitLimit=25, Window=9s, SegmentsPerWindow=3, QueueLimit=10 |
| token | Token Bucket | TokenLimit=50, TokensPerPeriod=1, ReplenishmentPeriod=5s, AutoReplenishment=true, QueueLimit=10 |
| concurrency | Concurrency | PermitLimit=2, QueueLimit=3 |
Token Bucket Business Policies
Configuration values are sourced from application settings, with the defaults shown below.
| Policy Name | Configuration Section | Token Limit | Tokens / Period | Replenishment Period | Queue Limit |
|---|---|---|---|---|---|
| api-policy | GrpcSettings:ApiRateLimitPolicy:* |
60 | 10 | 10s | 10 |
| import-policy | GrpcSettings:ImportRateLimitPolicy:* |
1,000 | 200 | 10s | 20 |
| signify-signing-policy | GrpcSettings:SigningRateLimitPolicy:* |
4,000 | 1,000 | 5s | 10 |
| signify-email-policy | GrpcSettings:EmailRateLimitPolicy:* |
6,000 | 1,000 | 10s | 50 |
| signify-sms-policy | GrpcSettings:SMSRateLimitPolicy:* |
1,000 | 100 | 10s | 10 |
Summary
All rate limiters:
- Return HTTP 429 when requests are rejected.
- Include the trailer
error_detail: too many requests. - Process queued requests using OldestFirst ordering.
Business-specific policies use the Token Bucket algorithm and are configurable on application level.