Skip to main content

Rate Limits

Device-level automatic rate limiting

ShieldLabs automatically rate-limits devices that send excessive fingerprint checks:
ThresholdActionDuration
> 10 checks / minute from same DeviceIDAuto-ban1 hour
When a device is banned, all subsequent webhooks for that device return: 
{
  "Score": 999,
  "Details": [
    { "Value": 999, "Description": "User has been banned 1H, to many requests" }
  ]
}
The ban is lifted automatically after 1 hour.

Dashboard API rate limits

The admin API (api.shieldlabs.ai) has the following limits:
Endpoint groupLimit
Auth endpoints10 req / minute
Domain management60 req / minute
Analytics / metrics30 req / minute
Session queries30 req / minute
Exceeding limits returns HTTP 429: 
{ "error": "too many requests" }

Pub API (session queries)

The public endpoints /pub/{public_key}/{secret_key}/... are rate limited to:
EndpointLimit
/pub/.../debug/...100 req / minute
/pub/.../history/...60 req / minute