RepairYour.Tech
security en

Rate limiting

security

Also called: request throttling

Plain-language definition

Plain-language definition

Restricting how often an action may be attempted in a period.

Why it matters

It helps control brute force, scraping, spam, and resource exhaustion without replacing authorization.

Technical detail

Rate limiting counts requests by an appropriate identity and applies quotas, delays, or rejection while accounting for distributed systems and trusted proxies.

Examples

  • The API temporarily rejects excessive sign-in attempts from the same risk context.

Sources and review

Reviewed July 12, 2026 by [email protected]. Next review due January 11, 2027.

  1. Cross Site Request Forgery — OWASP Foundation Accessed 7/11/2026

See something we should improve?

Suggest a correction to “Rate limiting.” Suggestions are reviewed before the published definition changes.

Press ? for shortcuts