Rate limiting
Does the login/create account/forgot password have build in rate limiting?
2 Replies
Hi @InterestEmpire. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Yes, Wasp has built-in rate limiting for certain authentication actions when using email/password authentication:
- Signup (Create Account): There is a rate limit of 1 signup request per minute per email address to prevent spamming. This is explicitly mentioned in the documentation for email authentication signup flows Docs: Email Auth Signup.
- Forgot Password (Password Reset): Similarly, password reset requests are rate-limited to 1 request per minute per email address Docs: Email Auth Password Reset.
For the login action, the knowledge sources do not explicitly mention built-in rate limiting. The available documentation and issues only confirm rate limiting for signup and password reset actions.
There is also ongoing discussion about making rate limiting more general and customizable in Wasp, but as of now, the built-in rate limiting applies specifically to signup and password reset for email/password auth Github Issue: Rate Limiting.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @InterestEmpire, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
@InterestEmpire was the bot's answer useful?