[{"data":1,"prerenderedAt":50},["ShallowReactive",2],{"changelog-entry-\u002Fchangelog\u002F2024\u002F04\u002Ftougher-rate-limiting":3},{"id":4,"title":5,"body":6,"description":37,"extension":38,"meta":39,"navigation":45,"path":46,"seo":47,"stem":48,"__hash__":49},"changelog\u002Fchangelog\u002F2024\u002F04\u002Ftougher-rate-limiting.md","Tougher Rate Limiting on Public Routes",{"type":7,"value":8,"toc":34},"minimark",[9,13,16,25,28,31],[10,11,12],"p",{},"Running any service on the internet requires constant vigilance on security issues. One feature\nwe've had in place for some time on FlowFuse Cloud is rate-limiting on our API. This limits how\noften someone can repeatedly call the API within a certain time frame.",[10,14,15],{},"We want to make sure we deter any misbehaviour, without getting in the way of genuine access.",[10,17,18,19,24],{},"For example, it would be entirely legitimate for a customer to use our ",[20,21,23],"a",{"href":22},"","API"," and automate some tasks via script. 
These API calls would arrive faster than if they were manually clicking around the FlowFuse UI, but that doesn't mean they should be restricted.",[10,26,27],{},"We also look to areas of the API that could be misused - for example, anything that can trigger an email to be sent, such as the \"I forgot my password\" API.",[10,29,30],{},"Tuning the rate-limiting is a continual process, and in that spirit we've recently made the rate limiting on certain routes much tougher and improved the feedback in the UI just in case a legitimate user accidentally hits it.",[10,32,33],{},"The tougher limits act as a better deterrent, which in turn makes the platform more secure.",{"title":22,"searchDepth":35,"depth":35,"links":36},2,[],"FlowFuse now enhances security with stricter rate limiting on public routes, ensuring robust protection against misuse while maintaining seamless access for legitimate users.","md",{"date":40,"authors":41,"tags":43},"2024-04-11 12:01:01.0",[42],"nick-oleary",[44],"changelog",true,"\u002Fchangelog\u002F2024\u002F04\u002Ftougher-rate-limiting",{"title":5,"description":37},"changelog\u002F2024\u002F04\u002Ftougher-rate-limiting","EBXxO0tUDOFfjGuc9RohrmfWfpeMqBAoKfGVJdeJAAI",1780132422551]