Rate Limits

REST gateway (fingerprint ingestion)

ShieldLabs rate-limits the REST gateway (rest.shieldlabs.ai) by client IP address:

Threshold	Action	Duration
> 10 requests / minute per IP	Auto-ban	1 hour

When banned, checks return webhook score 999:

{
  "Score": 999,
  "Details": [
    { "Value": 999, "Description": "User has been banned 1H, to many requests" }
  ]
}

Additional REST protections: 512 KB max body, 512 concurrent connections, 2s request timeout. Dashboard login is limited to 10 failed attempts per 15 minutes per IP on account.shieldlabs.ai. Exceeding returns 429:

{ "error": "too many login attempts, try again later" }

Email resend/forgot-password endpoints have a 2-minute cooldown per email address.

Pub API and Dashboard API

Per-endpoint rate limits are not currently enforced on Pub API or general Dashboard API routes beyond login throttling. Implement your own caching if you poll debug endpoints frequently.

Errors FAQ

​Rate Limits

​REST gateway (fingerprint ingestion)

​Login rate limiting

​Pub API and Dashboard API

Rate Limits

REST gateway (fingerprint ingestion)

Login rate limiting

Pub API and Dashboard API