@eve or anyone else in the know… curious question.
Do WF APIs rate limit or block repeated failed requests? For example, an attempted DoS attack.
Bubble Reference: APIs > Rate Limit:
@keith… Thank you. I saw the 1000 requests part already in the docs. Doesn’t really address my question. What I am hoping to hear is that auth failed requests are blocked after an attempt or two. The docs make no mention of this.
I’m assuming the docs indicate the extent of rate limiting. Maybe someone from Bubble support might chime in to confirm (@eve or someone else on the team)?
@keith That’s what I am hoping. From my own (limited) testing in Postman it worries me a bit. Seems like a potential vulnerability.
Hi @Tad_B
That is a vulnerability fact, and the more we are going to be, the more important this security measure will be. It would be good in the event of an attack, abnormal or abusive use of an API to be alerted by email. Something I’m missing, @eve? It’s only a matter of time. From what I know now, your capacity will reach 100%, and API requests will be rejected (timeout). Finally, I remembered that you will be notified in case of 100% capacity for 5 min. It’s all right!
update: I lowered my value to two minutes.
@JohnMark Exactly.
@JohnMark Being notified seems like a good thing. Still not convinced it’s all right. I am hoping to hear from Bubble that they have some mechanism in place that detects and drops and does not count against the 1000 potential legit requests - any attempt at shenanigans, i.e. DoS attacks, etc.