Abuse Hardening & Security Controls
Enterprise-grade protections against DoS, abuse, and noisy tenants. Multi-tenant fairness with per-IP and per-tenant rate limiting.
Rate Limiting
| Route Class | Limit Type | Rate | Burst |
|---|---|---|---|
| Public Verify | Per-IP | 50 r/s | 20 |
| Minting | Per-Tenant | 20 r/s | 10 |
| Governance | Per-Tenant | 10 r/s | 5 |
| General API | Per-IP | 100 r/s | 50 |
Request Size Limits
| Endpoint | Max Body Size |
|---|---|
| Global Default | 1 MB |
| /v1/attestations | 512 KB |
Error Responses
| HTTP | Code | Description |
|---|---|---|
| 413 | PAYLOAD_TOO_LARGE | Request body exceeds size limit |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests |
| 503 | SERVICE_UNAVAILABLE | Upstream temporarily unavailable |

Example 429 response body:

```json
{
  "code": "RATE_LIMIT_EXCEEDED",
  "message": "Too many requests. Please retry after the specified interval.",
  "http_status": 429,
  "retry_after_ms": 1000
}
```
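The three tables above describe a token-bucket scheme (a steady refill rate plus a burst capacity) keyed by IP or by tenant, a body-size cap that is tighter on `/v1/attestations`, and a fixed error taxonomy. The following is an added example, not the platform's own code, that models those rules so the interaction between them can be exercised offline: the route-class names (`verify`, `mint`, `governance`, `general`), the choice to fall back to the client IP when a tenant-keyed route has no tenant, and the "dual-layer" ordering in `admit()` are assumptions.

```python
"""Added example: token-bucket rate limiting and request-size checks that
mirror the limits tables (per-IP vs per-tenant, rate/burst, body caps) and
the error taxonomy. Not the platform's code; route-class names are assumed."""
from dataclasses import dataclass
import math
import time


@dataclass(frozen=True)
class LimitPolicy:
    rate: float  # tokens added per second ("Rate" column)
    burst: int   # bucket capacity ("Burst" column)


# Route class -> (key kind, policy). Class names are an assumption.
POLICIES = {
    "verify":     ("ip",     LimitPolicy(rate=50.0,  burst=20)),
    "mint":       ("tenant", LimitPolicy(rate=20.0,  burst=10)),
    "governance": ("tenant", LimitPolicy(rate=10.0,  burst=5)),
    "general":    ("ip",     LimitPolicy(rate=100.0, burst=50)),
}

GLOBAL_BODY_LIMIT = 1024 * 1024                  # 1 MB default
BODY_LIMITS = {"/v1/attestations": 512 * 1024}   # 512 KB override


def error_response(code, http_status, message, retry_after_ms=None):
    """Build the JSON error body in the shape shown in the docs."""
    body = {"code": code, "message": message, "http_status": http_status}
    if retry_after_ms is not None:
        body["retry_after_ms"] = retry_after_ms
    return body


def check_body_size(path, content_length):
    """Return None if the body fits the endpoint's cap, else a 413 body."""
    limit = BODY_LIMITS.get(path, GLOBAL_BODY_LIMIT)
    if content_length <= limit:
        return None
    return error_response("PAYLOAD_TOO_LARGE", 413,
                          "Request body exceeds size limit")


class ManualClock:
    """Deterministic clock so the demo does not depend on wall time."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class RateLimiter:
    """One token bucket per (route class, key kind, subject); refill is lazy."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._buckets = {}  # key -> [tokens, last_update]

    def take(self, route_class, subject):
        """Spend one token for `subject`; return None or a 429 error body."""
        key_kind, policy = POLICIES.get(route_class, POLICIES["general"])
        now = self._clock()
        bucket = self._buckets.setdefault(
            (route_class, key_kind, subject), [float(policy.burst), now])
        tokens, last = bucket
        # Refill proportional to elapsed time, capped at the burst size.
        tokens = min(float(policy.burst), tokens + (now - last) * policy.rate)
        if tokens >= 1.0:
            bucket[0], bucket[1] = tokens - 1.0, now
            return None
        bucket[0], bucket[1] = tokens, now
        # Milliseconds until one whole token is available, rounded up.
        wait_ms = math.ceil((1.0 - tokens) * 1000.0 / policy.rate)
        return error_response(
            "RATE_LIMIT_EXCEEDED", 429,
            "Too many requests. Please retry after the specified interval.",
            retry_after_ms=wait_ms)

    def admit(self, route_class, ip, tenant, path, content_length):
        """Dual-layer admission (assumed ordering): body cap, then the
        route-class bucket, then the general per-IP bucket so one source IP
        cannot spend many tenants' quotas."""
        err = check_body_size(path, content_length)
        if err:
            return err
        key_kind = POLICIES.get(route_class, POLICIES["general"])[0]
        subject = tenant if (key_kind == "tenant" and tenant) else ip
        err = self.take(route_class, subject)
        if err:
            return err
        if route_class != "general":
            return self.take("general", ip)
        return None


if __name__ == "__main__":
    clock = ManualClock()
    limiter = RateLimiter(clock)
    # Constructed sample traffic: 21 verify calls from one documentation IP.
    results = [limiter.take("verify", "198.51.100.7") for _ in range(21)]
    print("first 20 admitted:", all(r is None for r in results[:20]))
    print("21st rejected:", results[20])
```

A bucket that starts full with `burst` tokens is what makes the "Burst" column meaningful: 20 verify requests from a fresh IP pass instantly, the 21st is refused with `retry_after_ms` of 20 (one token at 50 r/s), and waiting 100 ms refills five tokens. Per-tenant keys on the minting route mean a second tenant behind the same IP is unaffected by the first tenant's exhaustion.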
Algorithm Enforcement
Ed25519 Only: The platform currently supports only Ed25519 for signing operations. Requests that specify an unsupported algorithm (P-256, P-384, RS256) are rejected with an HTTP 400 error.
Compliance Mapping
B2C
- Per-IP limits protect consumer endpoints
- Privacy-first: only hashes logged
- Rate limits explained as consumer protection
B2B
- Per-tenant quotas for SLA isolation
- Audit retention for enterprise audits
- Correlation IDs for SOC2/ISO27001
B2G
- Stricter governance route limits
- Retention supports regulatory recordkeeping
- Error taxonomy for legal defensibility
B2B2C
- Dual-layer limits (IP + tenant)
- Offline bundle verification
- Cross-org portability
Configuration
```nginx
# Gateway (nginx.conf)
# 1 MB global body cap (the /v1/attestations 512 KB cap is applied per location).
client_max_body_size 1m;
# Shared-memory zones sized at 10m; the rate matches the Rate column and the
# Burst column is applied where each zone is referenced with limit_req.
limit_req_zone $binary_remote_addr zone=per_ip_verify:10m rate=50r/s;
# $tenant_key must be defined (e.g. via a map from the tenant identifier) before
# this zone can be used; an undefined variable keys every request identically.
limit_req_zone $tenant_key zone=per_tenant_mint:10m rate=20r/s;
```

```bash
# Audit Service
AUDIT_RETENTION_DAYS=90
```

```bash
# Transparency Log
LOG_CHECKPOINT_INTERVAL=5m
LOG_PRUNE_KEEP_LEAVES=1000
```