Skip to main content

Rate Limits V9

This page defines the default rate limits for the backend services. The limits are separated by context to offer granular control over limits within the application area.

Rate Limiting Configuration

Global Behaviour

  • Rejected requests return HTTP 429 (Too Many Requests).
  • Response trailer includes:
    • error_detail: too many requests
  • Queue processing order for all policies:
    • OldestFirst

Built-in Rate Limiter Policies

Policy Name Type Purpose
Configuration fixed Fixed Window Allows a fixed number of requests within a time period. Counter resets at the end of each window. PermitLimit=100, Window=20s, QueueLimit=50 sliding Sliding Window Similar to Fixed Window but uses a moving time window for smoother traffic control. PermitLimit=25, Window=9s, SegmentsPerWindow=3, QueueLimit=10 token Token Bucket Uses tokens that are consumed by requests and replenished over time. Allows short bursts of traffic. TokenLimit=50, TokensPerPeriod=1, ReplenishmentPeriod=5s, AutoReplenishment=true, QueueLimit=10 concurrency Concurrency Limits the number of requests that can execute simultaneously. PermitLimit=2, QueueLimit=3

Limiter Type Comparison

Limiter Type What It Limits Example Fixed Window Number of requests in a fixed time period Allow 100 requests every 20 seconds Sliding Window Number of requests in a continuously moving time period Allow 25 requests within any rolling 9-second period Token Bucket Requests based on available tokens that refill over time Allow bursts of requests but enforce a sustainable rate Concurrency Number of requests running simultaneously Allow only 2 imports to execute at the same time

Token Bucket Business Policies

Configuration values are sourced from application settings, with the defaults shown below.

Policy Name Configuration Section Purpose
Token Limit Tokens / Period Replenishment Period Queue Limit api-policy ApiRateLimitPolicy:* General API request throttling. Allows small bursts while protecting the API from excessive traffic. 60 10 10s 10 import-policy ImportRateLimitPolicy:* Supports high-volume import operations while preventing imports from overwhelming the system. 1,000 200 10s 20 signify-signing-policy SigningRateLimitPolicy:* Designed for high-throughput document signing workloads. 4,000 1,000 5s 10 signify-email-policy EmailRateLimitPolicy:* Controls email sending throughput and protects downstream email providers. 6,000 1,000 10s 50 signify-sms-policy SMSRateLimitPolicy:* Limits SMS traffic to avoid overwhelming SMS gateways and third-party providers. 1,000 100 10s 10

Queue Behaviour

Scenario Result Permit available Request executes immediately Permit unavailable, queue has space Request waits in queue Permit unavailable, queue full Request rejected with HTTP 429 Multiple requests queued Processed in OldestFirst order

Summary

All rate limiters:

  • Return HTTP 429 when requests are rejected.
  • Include the trailer error_detail: too many requests.
  • Process queued requests using OldestFirst ordering.

Business-specific policies use the Token Bucket algorithm and are configurable on application level.

Back to top