Rate Limits
Flowxtra applies rate limiting to protect the platform and ensure fair usage.
Limits by Context
| Context | Limit | Scope |
|---|---|---|
| API (authenticated) | 300 requests/min | Per user |
| Auth endpoints | 120 requests/min | Per IP |
| Login | 5 attempts/min | Per IP |
| Tenant routes | 500 requests/min | Per user |
| Public endpoints | 1000 requests/min | Per IP |
Rate Limit Headers
Every response includes rate limit information:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 297
Exceeding the Limit
When you exceed the rate limit, the API returns:
{
"message": "Too Many Attempts.",
"retry_after": 60
}
Status code: 429 Too Many Requests
Wait the retry_after seconds before making another request.