We are strengthening our API infrastructure by introducing two major security and stability improvements that will be enabled for all of our APIs.
What's New
- Rate Limiting: To ensure system stability and fair usage, all APIs will now have rate limits applied. These limits are tailored to typical usage patterns and will help prevent abuse or accidental overload. Rate limits are enforced using a short sliding window, allowing brief bursts of activity without compromising overall stability. The rate limits should be high enough not to be visible for normal usage. However, they are useful for exceptional cases if a caller gets stuck in a loop or otherwise threatens the stability of our system.
- OWASP API Security Top 10 (v3.2) Enforcement: We are now actively enforcing key OWASP 3.2 API Security guidelines. This includes improved input validation, stronger authentication mechanisms, and better logging and monitoring.
These changes aim to improve resilience, protect against common threats, and ensure a more reliable API experience for everyone.
These changes should not be visible to our customer integrations. They apply to both APIv1 and APIv2. The enforcement is already applied in the TEST environment.
For questions or to request adjustments to rate limits, please contact our support team.