Rate limits

CakeAuth rate limits certain endpoints to help protect users against brute-force attacks or to stop abuse of CakeAuth's platform.

Errors

If you receive a 429 error code, you have been rate-limited. All subsequent requests to that specific endpoint will be blocked for a given amount of time.

Every requests (both rate-limited or not) will have the following headers:

X-RateLimit-Limit: Max number of requests per time window.
X-RateLimit-Remaining: Number of request left on the current time window.
X-RateLimit-Reset: Next rate limit reset timestamp. In UNIX format.

Frontend API requests

Frontend API requests are rate-limited per user and identified by their IP address

Backend API requests

Backend API requests are rate-limited per environment which is identified by the Private Key that is provided when creating a Backend API request.

Errors

Frontend API requests

Create Authentication Attempt

Verify Authentication Attempt

Other APIs

Request without a Valid Public Key

Backend API requests

Creating a User

Other APIs

Request without a Valid Private Key

On this page