> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shieldhq.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Rate Limits

> API rate limiting policies

# Rate Limits

SHIELD implements rate limiting to ensure fair usage and prevent abuse.

## Limits by Endpoint

| Endpoint                  | Limit   | Scope       |
| ------------------------- | ------- | ----------- |
| `POST /api/storeMetadata` | 10/min  | Per IP      |
| `GET /api/getPolicy/*`    | 60/min  | Per IP      |
| `POST /api/verify-siwe`   | 20/5min | Per IP      |
| `GET /api/access-logs/*`  | 30/min  | Per address |
| `POST /api/cleanup/*`     | 5/min   | Per IP      |
| `GET /api/user/links`     | 30/min  | Per address |
| Default                   | 100/min | Per IP      |

## Response Headers

Rate limit information is included in response headers:

```http theme={null}
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 3
X-RateLimit-Reset: 1708608600
```

## Exceeded Limit

When rate limit is exceeded:

```http theme={null}
HTTP/1.1 429 Too Many Requests
Retry-After: 60

{
  "error": "Rate limit exceeded",
  "retryAfter": 60,
  "limit": 10,
  "window": "1 minute"
}
```

## Implementation

Rate limiting uses a sliding window algorithm:

```typescript theme={null}
// src/lib/rateLimit.ts
interface RateLimitConfig {
  windowMs: number;  // Time window in ms
  maxRequests: number; // Max requests in window
}

const limits: Record<string, RateLimitConfig> = {
  storeMetadata: { windowMs: 60 * 1000, maxRequests: 10 },
  getPolicy: { windowMs: 60 * 1000, maxRequests: 60 },
  verifySiwe: { windowMs: 5 * 60 * 1000, maxRequests: 20 },
  default: { windowMs: 60 * 1000, maxRequests: 100 },
};
```

## Increasing Limits

Contact support to increase rate limits for:

* Pro plan rate limit increases
* High-volume applications
* Integration partners

Email: `shieldencrypted@gmail.com`

## Best Practices

1. **Cache responses** when possible
2. **Implement backoff** on 429 errors
3. **Batch operations** to reduce calls
4. **Use webhooks** instead of polling

## Error Handling

```typescript theme={null}
async function apiCallWithRetry(url: string, options: RequestInit) {
  const response = await fetch(url, options);

  if (response.status === 429) {
    const data = await response.json();
    const delay = data.retryAfter * 1000;

    console.log(`Rate limited. Retrying after ${delay}ms...`);
    await new Promise(resolve => setTimeout(resolve, delay));

    return apiCallWithRetry(url, options);
  }

  return response;
}
```
