
Rate Limits

SHIELD implements rate limiting to ensure fair usage and prevent abuse.

Limits by Endpoint

Endpoint                   Limit     Scope
POST /api/storeMetadata    10/min    Per IP
GET /api/getPolicy/*       60/min    Per IP
POST /api/verify-siwe      20/5min   Per IP
GET /api/access-logs/*     30/min    Per address
POST /api/cleanup/*        5/min     Per IP
GET /api/user/links        30/min    Per address
Default                    100/min   Per IP

Response Headers

Rate limit information is included in response headers:
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 3
X-RateLimit-Reset: 1708608600

Exceeded Limit

When the rate limit is exceeded, the API responds with:
HTTP/1.1 429 Too Many Requests
Retry-After: 60

{
  "error": "Rate limit exceeded",
  "retryAfter": 60,
  "limit": 10,
  "window": "1 minute"
}

Implementation

Rate limiting uses a sliding window algorithm:
// src/lib/rateLimit.ts
interface RateLimitConfig {
  windowMs: number;  // Time window in ms
  maxRequests: number; // Max requests in window
}

const limits: Record<string, RateLimitConfig> = {
  storeMetadata: { windowMs: 60 * 1000, maxRequests: 10 },
  getPolicy: { windowMs: 60 * 1000, maxRequests: 60 },
  verifySiwe: { windowMs: 5 * 60 * 1000, maxRequests: 20 },
  default: { windowMs: 60 * 1000, maxRequests: 100 },
};
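
One way to implement the sliding window described above, shown as an added example rather than SHIELD's own src/lib/rateLimit.ts. It reuses the page's RateLimitConfig shape; SlidingWindowLimiter, RateLimitDecision and the key format are hypothetical names, and X-RateLimit-Reset is assumed to be a Unix timestamp in seconds.

```typescript
// Added example: sliding-window-log limiter. Every name except RateLimitConfig is hypothetical.
interface RateLimitConfig {
  windowMs: number;    // Time window in ms
  maxRequests: number; // Max requests in window
}

interface RateLimitDecision {
  allowed: boolean;
  limit: number;         // X-RateLimit-Limit
  remaining: number;     // X-RateLimit-Remaining
  resetEpochSec: number; // X-RateLimit-Reset (assumed to be Unix seconds)
  retryAfterSec: number; // Retry-After, 0 when the request is allowed
}

class SlidingWindowLimiter {
  private hits = new Map<string, number[]>(); // key -> accepted request times (ms)
  private config: RateLimitConfig;

  constructor(config: RateLimitConfig) {
    this.config = config;
  }

  // key is the scope identity, e.g. "ip:203.0.113.7" or "addr:<wallet address>".
  check(key: string, nowMs: number = Date.now()): RateLimitDecision {
    const { windowMs, maxRequests } = this.config;
    // Keep only requests still inside the window that ends now.
    const recent = (this.hits.get(key) ?? []).filter(t => t > nowMs - windowMs);
    const allowed = recent.length < maxRequests;
    // Rejected requests are not recorded, so hammering cannot extend the block.
    if (allowed) recent.push(nowMs);
    if (recent.length > 0) this.hits.set(key, recent);
    else this.hits.delete(key); // do not keep empty entries for idle clients
    // A slot frees when the oldest recorded request slides out of the window.
    const freesAtMs = (recent[0] ?? nowMs) + windowMs;
    return {
      allowed,
      limit: maxRequests,
      remaining: Math.max(0, maxRequests - recent.length),
      resetEpochSec: Math.ceil(freesAtMs / 1000),
      retryAfterSec: allowed ? 0 : Math.ceil((freesAtMs - nowMs) / 1000),
    };
  }
}
```

The Map lives in one process, so a deployment with several instances would need a shared store to enforce a single limit per IP or address.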

Increasing Limits

Contact support to increase rate limits for:
  • Pro plan rate limit increases
  • High-volume applications
  • Integration partners
Email: shieldencrypted@gmail.com

Best Practices

  1. Cache responses when possible
  2. Implement backoff on 429 errors
  3. Batch operations to reduce calls
  4. Use webhooks instead of polling

Error Handling

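async function apiCallWithRetry(
  url: string,
  options: RequestInit,
  maxRetries = 3 // Stop after a bounded number of retries instead of looping forever
): Promise<Response> {
  const response = await fetch(url, options);

  if (response.status === 429 && maxRetries > 0) {
    // Prefer retryAfter from the JSON body; fall back to the Retry-After header.
    const data = await response.json().catch(() => ({}));
    const seconds = Number(data.retryAfter ?? response.headers.get("Retry-After"));
    // A missing or malformed value would otherwise give a NaN delay and an immediate retry.
    const delay = Number.isFinite(seconds) && seconds > 0 ? seconds * 1000 : 1000;

    console.log(`Rate limited. Retrying after ${delay}ms...`);
    await new Promise(resolve => setTimeout(resolve, delay));

    return apiCallWithRetry(url, options, maxRetries - 1);
  }

  // Either a non-429 response, or the final 429 once retries are exhausted.
  return response;
}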