Rate Limiting

To protect the platform from abuse and ensure fair usage, rate limiting is enforced by default on an IP-address basis. If a client exceeds the allowed number of requests within the specified time window, the API will return a 429 Too Many Requests status code.

Default Rate Limits

The following rate limits apply to various endpoints:

Endpoint	Rate Limit	Time Window
`POST /login`	30 requests	15 minutes
`POST /signup`	30 requests	60 minutes
`POST /verify-email`	10 requests	60 minutes
`POST /forgot-password`	5 requests	60 minutes
`GET /client-side-api`	100 requests	1 minute
`POST /share`	100 requests	60 minutes

If a request exceeds the defined rate limit, the server will respond with:

{
  "code": 429,
  "error": "Too many requests, Please try after a while!"
}

Disabling Rate Limiting

For self-hosters, rate limiting can be disabled if necessary. However, we strongly recommend keeping rate limiting enabled in production environments to prevent abuse. To disable rate limiting, set the following environment variable:

RATE_LIMITING_DISABLED=1

After making this change, restart your server to apply the new setting.

Self Hosting

Setup

Configuration

Advanced

Default Rate Limits

Disabling Rate Limiting

Self Hosting

Setup

Configuration

Advanced

​Default Rate Limits

​Disabling Rate Limiting

Default Rate Limits

Disabling Rate Limiting