Enterprise-grade protections against DoS, abuse, and noisy tenants. Multi-tenant fairness with per-IP and per-tenant rate limiting.
Rate Limiting
| Route Class | Limit Type | Rate | Burst |
|---|---|---|---|
| Public Verify | Per-IP | 50 r/s | 20 |
| Minting | Per-Tenant | 20 r/s | 10 |
| Governance | Per-Tenant | 10 r/s | 5 |
| General API | Per-IP | 100 r/s | 50 |
Request Size Limits
| Endpoint | Max Body Size |
|---|---|
| Global Default | 1 MB |
| /v1/attestations | 512 KB |
Error Responses
| HTTP | Code | Description |
|---|---|---|
| 413 | PAYLOAD_TOO_LARGE | Request body exceeds size limit |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests |
| 503 | SERVICE_UNAVAILABLE | Upstream temporarily unavailable |
Example 429 response body:

```json
{
  "code": "RATE_LIMIT_EXCEEDED",
  "message": "Too many requests. Please retry after the specified interval.",
  "http_status": 429,
  "retry_after_ms": 1000
}
```
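The following is an added illustration of how the rate and size limits in the tables above combine, not code from the platform itself. It reads the Rate/Burst columns as a token bucket (capacity = burst, refill = rate per second), keys buckets per IP or per tenant as the Limit Type column says, checks the request size limit before touching any bucket, and emits the 413/429 envelopes from the Error Responses table with a computed `retry_after_ms`. The route class names, the `Limiter` API, the fallback to per-IP keying when no tenant is present, and the addresses and tenant names in the scenario are this example's own assumptions and constructed inputs.

```python
import math
import time

# Limits copied from the tables above: route class -> (key type, rate in r/s, burst).
LIMITS = {
    "public_verify": ("ip", 50.0, 20),
    "minting": ("tenant", 20.0, 10),
    "governance": ("tenant", 10.0, 5),
    "general": ("ip", 100.0, 50),
}
# Request size limits in bytes: per-endpoint override, else the global default.
DEFAULT_MAX_BODY = 1024 * 1024
MAX_BODY = {"/v1/attestations": 512 * 1024}


def error(code, http_status, message, **extra):
    """Build the error envelope shown in the Error Responses section."""
    body = {"code": code, "message": message, "http_status": http_status}
    body.update(extra)
    return body


class Limiter:
    """Token bucket per key: capacity = burst, refill = rate tokens per second.

    This is the example's reading of the Rate/Burst columns; the gateway's own
    implementation may differ (e.g. nginx's leaky-bucket semantics).
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable for deterministic tests
        self.buckets = {}           # key -> [tokens, last_refill_time]

    def _take(self, key, rate, burst):
        """Consume one token; return None if admitted, else ms until a token refills."""
        now = self.clock()
        tokens, last = self.buckets.get(key, (float(burst), now))
        tokens = min(float(burst), tokens + (now - last) * rate)
        if tokens >= 1.0:
            self.buckets[key] = [tokens - 1.0, now]
            return None
        self.buckets[key] = [tokens, now]
        return math.ceil(1000 * (1.0 - tokens) / rate)

    def check(self, route_class, path, ip, tenant, content_length):
        """Return None to admit the request, or the error envelope to send."""
        # Size check first: it needs only Content-Length and no shared state.
        limit = MAX_BODY.get(path, DEFAULT_MAX_BODY)
        if content_length > limit:
            return error("PAYLOAD_TOO_LARGE", 413,
                         f"Request body exceeds size limit of {limit} bytes")
        key_type, rate, burst = LIMITS[route_class]
        if key_type == "tenant" and tenant:
            key = (route_class, "tenant", tenant)
        else:
            # Assumption (not stated on the page): a per-tenant route reached
            # without a tenant identity is keyed on the client IP instead, so
            # unauthenticated traffic is never left unlimited.
            key = (route_class, "ip", ip)
        wait_ms = self._take(key, rate, burst)
        if wait_ms is not None:
            return error("RATE_LIMIT_EXCEEDED", 429,
                         "Too many requests. Please retry after the specified interval.",
                         retry_after_ms=wait_ms)
        return None


def scenario():
    """Constructed traffic against one Limiter with a fake clock; returns what each step saw."""
    now = [0.0]
    lim = Limiter(clock=lambda: now[0])
    out = {}
    ip = "203.0.113.7"  # constructed client address (TEST-NET-3)
    # 1. Twelve mint calls from tenant "acme" in the same instant: a burst of 10 admits ten.
    results = [lim.check("minting", "/v1/mint", ip, "acme", 100) for _ in range(12)]
    out["mint_admitted"] = sum(r is None for r in results)
    out["mint_first_429"] = next(r for r in results if r is not None)
    # 2. Another tenant behind the same IP is keyed separately and still admitted.
    out["other_tenant_ok"] = lim.check("minting", "/v1/mint", ip, "globex", 100) is None
    # 3. At 20 r/s a token refills every 50 ms; after 60 ms "acme" gets one request through.
    now[0] += 0.06
    out["acme_after_60ms"] = lim.check("minting", "/v1/mint", ip, "acme", 100) is None
    # 4. An attestation body one byte over 512 KB is refused before any bucket is touched.
    out["oversized"] = lim.check("general", "/v1/attestations", ip, None, 512 * 1024 + 1)
    return out


if __name__ == "__main__":
    for step, seen in scenario().items():
        print(step, seen)
```

The size check runs first on purpose: it is decided from `Content-Length` alone, so oversized bodies are refused without spending a rate-limit token or reading the body, and the `retry_after_ms` in the 429 envelope is derived from the bucket state rather than a fixed constant.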
Connection timeout protection
All API services enforce HTTP server timeouts that protect against slowloris-style denial-of-service attacks. These timeouts automatically close connections that send data too slowly, preventing a single attacker from exhausting server resources with many slow, open connections.
This protection applies to every service behind the API gateway and requires no configuration on your part. If you are running long-polling or streaming requests, ensure your client sends data within the standard HTTP timeout window. Standard API requests are not affected.
Algorithm Enforcement
The platform accepts the following signature algorithms: Ed25519, ES256, ES384, ES512, RS256, RS384, RS512, PS256, PS384, PS512. A request that specifies any other algorithm, including `none` and the symmetric HMAC family (HS256/HS384/HS512), falls outside this set and is rejected with a 400 error.
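An added example (not the platform's own code) of enforcing that allowlist at the edge of a JWS verifier: the protected header's `alg` is matched exactly and case-sensitively against the set above, and the algorithm is also checked against the key type and curve it is defined for, so a token carrying `none`, an HS* value, or an RS256 header presented against an EC key is turned away before any signature math runs. The page lists "Ed25519" as an algorithm name; in standard JOSE (RFC 8037) the header value is `EdDSA` with the curve in the key, so the example accepts both spellings. The `enforce_algorithm`/`classify` names, the absence of a specific error code for the 400, and the sample tokens and keys are this example's assumptions and constructed inputs.

```python
import base64
import json

# The algorithm set from this page. "Ed25519" is the page's name; JOSE spells it
# alg "EdDSA" with crv "Ed25519" in the JWK, so both are accepted here.
ALLOWED_ALGS = frozenset({
    "Ed25519", "EdDSA",
    "ES256", "ES384", "ES512",
    "RS256", "RS384", "RS512",
    "PS256", "PS384", "PS512",
})

# Key type (and curve) each algorithm is defined for (RFC 7518 / RFC 8037).
# Checking this before verification blocks alg/key confusion.
ALG_KEY_REQUIREMENTS = {
    "Ed25519": ("OKP", "Ed25519"), "EdDSA": ("OKP", "Ed25519"),
    "ES256": ("EC", "P-256"), "ES384": ("EC", "P-384"), "ES512": ("EC", "P-521"),
    "RS256": ("RSA", None), "RS384": ("RSA", None), "RS512": ("RSA", None),
    "PS256": ("RSA", None), "PS384": ("RSA", None), "PS512": ("RSA", None),
}


class AlgorithmRejected(ValueError):
    """The request must be answered with HTTP 400; str(exc) is the reason."""


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def enforce_algorithm(compact_jws, jwk):
    """Validate the protected header's alg against the allowlist and the key.

    Runs before any signature math so an unsupported or mismatched algorithm
    never reaches a verifier. Returns the parsed header on success.
    """
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise AlgorithmRejected("malformed compact JWS")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        raise AlgorithmRejected("protected header is not base64url-encoded JSON")
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact, case-sensitive membership: "none", "NONE", "hs256" and "" all fail here.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise AlgorithmRejected(f"unsupported algorithm {alg!r}")
    kty, crv = ALG_KEY_REQUIREMENTS[alg]
    if jwk.get("kty") != kty or (crv is not None and jwk.get("crv") != crv):
        raise AlgorithmRejected(
            f"algorithm {alg} does not match key type {jwk.get('kty')}/{jwk.get('crv')}")
    return header


def classify(compact_jws, jwk):
    """Map the check to an HTTP status; the page names no error code for the 400."""
    try:
        header = enforce_algorithm(compact_jws, jwk)
        return {"http_status": 200, "alg": header["alg"]}
    except AlgorithmRejected as exc:
        return {"http_status": 400, "message": str(exc)}


def make_token(header):
    """Constructed sample JWS: real header, dummy payload, all-zero signature."""
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b'{"sub":"demo"}'), enc(b"\x00" * 64)])


# Constructed keys: only the fields the check reads are present.
EC_P256_KEY = {"kty": "EC", "crv": "P-256"}
RSA_KEY = {"kty": "RSA"}

SAMPLES = {
    "es256_ok": (make_token({"alg": "ES256", "typ": "JWT"}), EC_P256_KEY),
    "none": (make_token({"alg": "none"}), EC_P256_KEY),
    "hs256": (make_token({"alg": "HS256"}), RSA_KEY),       # symmetric: not in the set
    "lowercase": (make_token({"alg": "es256"}), EC_P256_KEY),
    "rs256_vs_ec_key": (make_token({"alg": "RS256"}), EC_P256_KEY),
    "ps384_ok": (make_token({"alg": "PS384"}), RSA_KEY),
}


def run_samples():
    """Return the HTTP status each constructed sample would receive."""
    return {name: classify(tok, key)["http_status"] for name, (tok, key) in SAMPLES.items()}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:16} -> {status}")
```

The key-type check is what makes the allowlist meaningful: without it, an attacker who can choose `alg` can still steer a verifier into using a key with the wrong primitive, which is the classic JWS algorithm-confusion failure.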
Compliance Mapping
B2C
- Per-IP limits protect consumer endpoints
- Privacy-first: only hashes are logged
- Rate limits explained as consumer protection

B2B
- Per-tenant quotas for SLA isolation
- Audit retention for enterprise audits
- Correlation IDs for SOC 2 / ISO 27001

B2G
- Stricter governance route limits
- Retention supports regulatory recordkeeping
- Error taxonomy for legal defensibility

B2B2C
- Dual-layer limits (IP + tenant)
- Offline bundle verification
- Cross-org portability
Configuration
API gateway (nginx):

```nginx
# Global default from the Request Size Limits table; /v1/attestations is
# tighter (512 KB) and needs its own client_max_body_size in that location.
client_max_body_size 1m;

# Per-IP zone for public verify routes. A zone only allocates state; the limit
# takes effect where a matching "limit_req zone=... burst=...;" directive is
# placed in a location block, which is also where the Burst column is applied.
limit_req_zone $binary_remote_addr zone=per_ip_verify:10m rate=50r/s;

# $tenant_key is not a built-in nginx variable: it must be populated (for
# example via a "map" from the authenticated tenant identity) before this zone
# can key on it. nginx does not account requests whose key is empty, so
# unauthenticated traffic must still be covered by a per-IP zone.
limit_req_zone $tenant_key zone=per_tenant_mint:10m rate=20r/s;
```

Service environment:

```ini
# Audit Service
AUDIT_RETENTION_DAYS=90

# Transparency Log
LOG_CHECKPOINT_INTERVAL=5m
LOG_PRUNE_KEEP_LEAVES=1000
```