Rate Limiting

Protect your API from abuse with rate limiting.

Default Limits

USSO includes built-in rate limiting:

Endpoint                Limit           Window
/auth/login             5 requests      5 minutes
/auth/register          3 requests      1 hour
/auth/reset-password    3 requests      1 hour
General API             100 requests    1 minute

Configure Rate Limits

# config.py
RATE_LIMITS = {
    "login": "5/5m",
    "register": "3/1h",
    "api": "100/1m"
}

Custom Rate Limits

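from fastapi import FastAPI, Request
from slowapi import Limiter
from slowapi.util import get_remote_address

# Key each limit on the client address seen by the application
limiter = Limiter(key_func=get_remote_address)

app = FastAPI()
app.state.limiter = limiter  # slowapi looks the limiter up on app.state

@app.post("/expensive-operation")
@limiter.limit("10/hour")
async def expensive_operation(request: Request):  # slowapi requires the request argument
    pass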

Rate Limit Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1730000000

Handle Rate Limit Errors

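from fastapi.responses import JSONResponse

@app.exception_handler(429)
async def rate_limit_handler(request, exc):
    return JSONResponse(
        status_code=429,
        content={
            "error": "Too many requests",
            # Not every 429 exception carries retry_after; report None if absent
            "retry_after": getattr(exc, "retry_after", None)
        }
    )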
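
The sketch below is an added example, not USSO's own code. It shows how limit strings such as "5/5m" map to a counter and to the X-RateLimit-* headers, and it applies the login limit per account as well as per IP. The names FixedWindowLimiter, parse_limit and login_allowed are hypothetical; the fixed-window algorithm, the "s" unit, the Retry-After header and reading X-RateLimit-Reset as epoch seconds are assumptions.

```python
import re
import time

# Limit strings copied from the page's config.py; "m" = minutes, "h" = hours.
RATE_LIMITS = {"login": "5/5m", "register": "3/1h", "api": "100/1m"}
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}  # "s" is an assumed extra unit

def parse_limit(spec):
    """Turn "5/5m" into (5, 300): max requests, window length in seconds."""
    m = re.fullmatch(r"(\d+)/(\d+)([smh])", spec)
    if not m or int(m.group(1)) == 0 or int(m.group(2)) == 0:
        raise ValueError(f"invalid rate limit spec: {spec!r}")
    return int(m.group(1)), int(m.group(2)) * _UNIT_SECONDS[m.group(3)]

class FixedWindowLimiter:
    """In-memory fixed-window counter (hypothetical class, single process only)."""
    def __init__(self, limits, clock=time.time):
        self.limits = {name: parse_limit(spec) for name, spec in limits.items()}
        self.clock = clock
        self.state = {}  # (rule, key) -> (window index, requests counted)

    def hit(self, rule, key):
        """Count one request; return (allowed, response headers)."""
        limit, window = self.limits[rule]
        now = int(self.clock())
        index = now // window
        seen_index, count = self.state.get((rule, key), (index, 0))
        if seen_index != index:  # a new window started, so the count resets
            count = 0
        allowed = count < limit
        if allowed:
            count += 1
        self.state[(rule, key)] = (index, count)
        reset = (index + 1) * window  # epoch second at which the window ends
        headers = {
            "X-RateLimit-Limit": str(limit),
            "X-RateLimit-Remaining": str(limit - count),
            "X-RateLimit-Reset": str(reset),
        }
        if not allowed:
            headers["Retry-After"] = str(reset - now)  # seconds, sent with the 429
        return allowed, headers

def login_allowed(limiter, client_ip, username):
    """Count a login attempt against the source IP and against the account."""
    ip_ok, ip_headers = limiter.hit("login", f"ip:{client_ip}")
    user_ok, user_headers = limiter.hit("login", f"user:{username.lower()}")
    return ip_ok and user_ok, (user_headers if ip_ok else ip_headers)
```

Keying only on the remote address leaves the per-account attempt count unbounded when requests arrive from many addresses, and behind a reverse proxy it can collapse all clients into one key; the per-account key covers the first case.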