Security & Compliance

Rate Limits

Per-endpoint rate limits and per-tenant network policy. Per-client and per-tenant tiers are still pending — see GAP-ANALYSIS P2.

Per-endpoint limits
Built-in token-bucket limits applied at the gateway in backend/internal/platform/ratelimit/limiter.go.
POST /v1/auth/login | 5 req / 20 burst | per IP, sliding
POST /v1/auth/refresh | 5 req / 20 burst | per IP, sliding
POST /v1/auth/signup | 5 req / 20 burst | per IP, sliding
POST /v1/auth/forgot-password | 5 req / 20 burst | per IP, sliding
POST /v1/oauth/token (client_credentials) | 5 req / 20 burst | per IP, sliding
Other authed endpoints | unlimited
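
How a per-IP token bucket with the limits listed above behaves, as an added example that is not the code in backend/internal/platform/ratelimit/limiter.go. It assumes "5 req" means a refill of 5 tokens per second; the names Limiter, NewLimiter and Allow are hypothetical, and the client address is a constructed documentation-range IP.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

type bucket struct { // token state kept for one client IP
	tokens float64
	last   time.Time
}

// Limiter is a per-IP token bucket refilled at rate tokens per second (assumed unit), capped at burst.
type Limiter struct {
	mu          sync.Mutex
	rate, burst float64
	buckets     map[string]*bucket
}

func NewLimiter(rate, burst float64) *Limiter {
	return &Limiter{rate: rate, burst: burst, buckets: map[string]*bucket{}}
}

// Allow reports whether a request from ip arriving at now is admitted.
func (l *Limiter) Allow(ip string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	b, ok := l.buckets[ip]
	if !ok {
		b = &bucket{tokens: l.burst, last: now} // first sight: full bucket
		l.buckets[ip] = b
	}
	if dt := now.Sub(b.last).Seconds(); dt > 0 { // refill for elapsed time
		b.tokens, b.last = math.Min(l.burst, b.tokens+dt*l.rate), now
	}
	if b.tokens < 1 {
		return false // bucket empty: caller rejects the request
	}
	b.tokens--
	return true
}

func main() {
	l, now := NewLimiter(5, 20), time.Now() // 5 req / 20 burst as in the table above
	for i := 1; i <= 22; i++ { // constructed burst from one documentation-range IP
		fmt.Println(i, l.Allow("203.0.113.7", now))
	}
}
```

The map keeps one bucket per source IP indefinitely, so a gateway using this pattern also needs idle-bucket eviction to keep the limiter's own memory bounded.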
Network policy
Tenant-level IP filtering. Manage in Roles & Permissions → Policies.

Allowlist (0)

No allowlist — open to all source IPs.

Denylist (0)

No denied CIDRs.

Per-tenant rate limits coming soon.

Today every tenant shares the same global gateway limits. Tenant-tier limits (per plan) are tracked as P2 in documents/GAP-ANALYSIS.md.
