Skip to main content

Rate Limits V9

This page defines the default rate limits for the backend services. The limits are separated by context to offer granular control over limits within the application area.

Rate Limiting Configuration

Global Behaviour

    Rejected requests return HTTP 429 (Too Many Requests). Response trailer includes:
      error_detail: too many requests Queue processing order for all policies:
        OldestFirst

        Built-in Rate Limiter Policies

        Policy Name Type Configuration fixed Fixed Window PermitLimit=100, Window=20s, QueueLimit=50 sliding Sliding Window PermitLimit=25, Window=9s, SegmentsPerWindow=3, QueueLimit=10 token Token Bucket TokenLimit=50, TokensPerPeriod=1, ReplenishmentPeriod=5s, AutoReplenishment=true, QueueLimit=10 concurrency Concurrency PermitLimit=2, QueueLimit=3

        Token Bucket Business Policies

        Configuration values are sourced from application settings, with the defaults shown below.

        Policy Name Configuration Section Token Limit Tokens / Period Replenishment Period Queue Limit api-policy GrpcSettings:ApiRateLimitPolicy:* 60 10 10s 10 import-policy GrpcSettings:ImportRateLimitPolicy:* 1,000 200 10s 20 signify-signing-policy GrpcSettings:SigningRateLimitPolicy:* 4,000 1,000 5s 10 signify-email-policy GrpcSettings:EmailRateLimitPolicy:* 6,000 1,000 10s 50 signify-sms-policy GrpcSettings:SMSRateLimitPolicy:* 1,000 100 10s 10

        Summary

        All rate limiters:

          Return HTTP 429 when requests are rejected. Include the trailer error_detail: too many requests. Process queued requests using OldestFirst ordering.

          Business-specific policies use the Token Bucket algorithm and are configurable on application level.

          Back to top