# Rate Limiting

Built-in rate limiting protects against abuse.

Usage

typescript

1import { RateLimiter } from '@solongate/sdk';
2
3const limiter = new RateLimiter({
4  maxRequests: 100,
5  windowMs: 60000,  // 1 minute
6});
7
8const result = limiter.check(userId);
9
10if (!result.allowed) {
11  console.log('Rate limited!');
12  console.log('Retry after:', result.retryAfterMs, 'ms');
13} else {
14  console.log('Remaining:', result.remaining);
15}

Sliding Window Algorithm

typescript

1import { RateLimiter } from '@solongate/sdk';
2
3// Sliding window provides smoother rate limiting
4const limiter = new RateLimiter({
5  maxRequests: 100,
6  windowMs: 60000,
7  algorithm: 'sliding-window',  // Default: 'fixed-window'
8});
9
10// Per-user limiting
11const userResult = limiter.check(userId);
12
13// Per-IP limiting
14const ipResult = limiter.check(ipAddress);
15
16// Combined limiting (most restrictive wins)
17const combined = limiter.checkMultiple([userId, ipAddress]);

API Rate Limits

Endpoint	Live Key	Test Key
/validate	1000/min	100/min
/tokens/verify	1000/min	100/min
/policies/*	100/min	50/min

Rate Limit Headers

bash

1HTTP/1.1 200 OK
2X-RateLimit-Limit: 1000
3X-RateLimit-Remaining: 999
4X-RateLimit-Reset: 1705312260
5
6# When rate limited
7HTTP/1.1 429 Too Many Requests
8Retry-After: 30
9X-RateLimit-Limit: 1000
10X-RateLimit-Remaining: 0
11X-RateLimit-Reset: 1705312260

Capability Tokens MCP Integration

# Rate Limiting

Built-in rate limiting protects against abuse.

Usage

typescript

1import { RateLimiter } from '@solongate/sdk';
2
3const limiter = new RateLimiter({
4  maxRequests: 100,
5  windowMs: 60000,  // 1 minute
6});
7
8const result = limiter.check(userId);
9
10if (!result.allowed) {
11  console.log('Rate limited!');
12  console.log('Retry after:', result.retryAfterMs, 'ms');
13} else {
14  console.log('Remaining:', result.remaining);
15}

Sliding Window Algorithm

typescript

1import { RateLimiter } from '@solongate/sdk';
2
3// Sliding window provides smoother rate limiting
4const limiter = new RateLimiter({
5  maxRequests: 100,
6  windowMs: 60000,
7  algorithm: 'sliding-window',  // Default: 'fixed-window'
8});
9
10// Per-user limiting
11const userResult = limiter.check(userId);
12
13// Per-IP limiting
14const ipResult = limiter.check(ipAddress);
15
16// Combined limiting (most restrictive wins)
17const combined = limiter.checkMultiple([userId, ipAddress]);

API Rate Limits

Endpoint	Live Key	Test Key
/validate	1000/min	100/min
/tokens/verify	1000/min	100/min
/policies/*	100/min	50/min

Rate Limit Headers

bash

1HTTP/1.1 200 OK
2X-RateLimit-Limit: 1000
3X-RateLimit-Remaining: 999
4X-RateLimit-Reset: 1705312260
5
6# When rate limited
7HTTP/1.1 429 Too Many Requests
8Retry-After: 30
9X-RateLimit-Limit: 1000
10X-RateLimit-Remaining: 0
11X-RateLimit-Reset: 1705312260

Capability Tokens MCP Integration