Rate limiting

Rate limiting prevents abuse while ensuring legitimate users have consistent access to your API. ShipOS provides flexible rate limiting with multiple algorithms and granular controls that adapt to your application's needs.

The rate limiting system operates at multiple levels: global, per-user, per-endpoint, and per-organization. This layered approach ensures fair usage while preventing any single user or automated system from overwhelming your infrastructure or degrading service quality.

Configure rate limits through code or the dashboard with flexible parameters:

await shipos.rateLimits.setUserLimit(userId, {
  requests: 1000,
  window: '1h',
  burstAllowance: 50
});

await shipos.rateLimits.setEndpointLimit('/api/upload', {
  requests: 10,
  window: '1m'
});

await shipos.rateLimits.setUserLimit(userId, {
  requests: 1000,
  window: '1h',
  burstAllowance: 50
});

await shipos.rateLimits.setEndpointLimit('/api/upload', {
  requests: 10,
  window: '1m'
});

await shipos.rateLimits.setUserLimit(userId, {
  requests: 1000,
  window: '1h',
  burstAllowance: 50
});

await shipos.rateLimits.setEndpointLimit('/api/upload', {
  requests: 10,
  window: '1m'
});

ShipOS supports multiple rate limiting algorithms including Token Bucket, Fixed Window, and Sliding Window. Token Bucket allows for traffic bursts while maintaining average limits. Fixed Window resets limits at regular intervals, while Sliding Window provides more granular control over request distribution.

When users exceed their limits, they receive clear HTTP responses with Retry-After headers indicating when they can make requests again. The system tracks violations and can automatically escalate repeated abuse through configurable policies and notifications.

Premium users can have higher rate limits automatically applied based on their subscription tier. The system integrates with your billing setup to adjust limits dynamically as users upgrade or downgrade their plans, ensuring seamless service scaling.