Security

Rate Limiting

Evervault uses a number of safeguards against bursts of incoming traffic to help maximise the stability of its products. Users who send many requests might see error responses with status code 429. Limits are set according to the tier of your team. These tier-based limits are as follows:

  • Free tier: 100 requests per minute
  • Pro tier: 6,000 requests per minute
  • Enterprise tier: Custom

Treat these limits as maximums and don’t generate unnecessary load. If you suddenly see a rising number of unexpected rate limited requests, please contact support.

We may reduce limits to prevent abuse, or increase limits to enable high-traffic applications. Enterprise customers may request an increased rate limit by contacting support.

Common causes and mitigation

Rate limiting can occur under a variety of conditions, but it’s most common when running a large volume of closely-spaced requests. Often this is part of a batch or migration operation or when you have a large burst in traffic. When engaging in these activities, you should try to control the request rate on the client side.

A basic technique for integrations to gracefully handle limits is to watch for 429 status codes and build in a retry mechanism. The retry mechanism should follow an exponential backoff schedule to reduce request volume when necessary.

Depending on your traffic patterns, you may need a more sophisticated solution, such as a token bucket rate limiting algorithm implemented on the client side. Mature implementations of such algorithms are available in almost any programming language.
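
The two techniques above, retrying 429 responses on an exponential backoff schedule and pacing requests with a client-side token bucket, combined in one added example (not Evervault's own code). The names `TokenBucket` and `send_with_backoff`, the `send` callable standing in for a real HTTP call, the jitter, and the burst capacity of 10 are assumptions made for illustration.

```python
import random
import time


class TokenBucket:
    """Client-side limiter: refills `rate` tokens per second, up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic, sleep=time.sleep):
        self.rate, self.capacity = rate, capacity
        self.tokens = capacity
        self.clock, self.sleep = clock, sleep
        self.last = clock()

    def acquire(self):
        """Block until one token is available, then consume it."""
        while True:
            now = self.clock()
            elapsed = now - self.last
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
            self.last = now
            if self.tokens >= 1:
                self.tokens -= 1
                return
            # Sleep just long enough for the missing fraction of a token.
            self.sleep((1 - self.tokens) / self.rate)


def send_with_backoff(send, bucket, max_retries=5, base=0.5, cap=30.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() (returns an HTTP status code) under the bucket. On 429,
    retry after a capped exponential delay scaled by random jitter.
    Returns (final_status, retries_used)."""
    for attempt in range(max_retries + 1):
        bucket.acquire()
        status = send()
        if status != 429:
            return status, attempt
        if attempt < max_retries:
            sleep(rng() * min(cap, base * 2 ** attempt))
    return 429, max_retries


if __name__ == "__main__":
    # Constructed stand-in for a real HTTP call: two 429s, then success.
    responses = iter([429, 429, 200])
    # Free tier: 100 requests per minute; capacity=10 is an assumed burst size.
    bucket = TokenBucket(rate=100 / 60, capacity=10)
    print(send_with_backoff(lambda: next(responses), bucket, base=0.01))
```

The bucket keeps the steady-state rate at or below the tier limit, while the backoff path handles any 429 that still arrives, for example when several clients share one team's limit.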