'Too many requests' alert
This article explains the purpose and circumstances of this alert message
Contents
Overview
When attempting certain actions multiple times within a specific time frame, you or your customers may encounter the alert message 'Too many requests' - seen below.
While this may cause alarm, this alert message is part of standard security measures that are in place to prevent potential spam or bot activity.
Rate limit
There are security configurations in the customer booking portal that track how many requests are coming from the same IP address within a certain time frame. There is a specific amount of requests that are allowed before it triggers the rate limit of this action and displays the 'Too many requests' alert.
Below are the 2 primary actions and their rate limit parameters.
User signup
The parameters for the rate limit of signing up for a new user account:
- Within a 24 hour period there can be a maximum of 5 user account signups from 1 IP address.
- This is a rolling time period, which means the limit does not reset at a certain time of day, but rather it is determined by when the first request was sent.
Reset password
The parameters for the rate limit of triggering the password reset flow:
- Within a 24 hour period there is a maximum of 5 password resets triggered per 1 email address.
- This is a rolling time period, which means the limit does not reset at a certain time of day, but rather it is determined by when the first request was sent.
- This also applies to the management portal for admin logins.