Rate Limiting
How MoniPay protects its infrastructure from abuse and DDoS attacks.
To ensure high availability and protect against malicious actors, MoniPay implements strict rate limiting across all API endpoints.
Why We Rate Limit
- Brute Force Protection: Prevents attackers from trying thousands of PIN combinations.
- DDoS Mitigation: Protects our infrastructure from being overwhelmed by fake traffic.
- Fair Usage: Ensures that one high-volume user doesn't degrade the experience for everyone else.
Limit Tiers
We use different limits depending on the sensitivity of the endpoint:
- Payment Execution: Strictest limits. Designed to handle realistic human transaction speeds.
- Account Registration: High security. Prevents mass bot account creation.
- Read Operations: More permissive. Allows for smooth UI updates and polling.
Handling Rate Limits
If you exceed a limit, the API will return an HTTP 429 Too Many Requests status code. The response will include a Retry-After header indicating how many seconds you should wait before trying again.
For developers, we recommend implementing Exponential Backoff in your integration to handle 429 errors gracefully.
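One way to combine the Retry-After header with exponential backoff, as an added example (not MoniPay's own code). The `send` callable, the function names and the default delays and caps are assumptions made for illustration; a Retry-After value that is not a whole number of seconds is treated as missing.

```python
import random
import time

def parse_retry_after(headers):
    """Seconds the server asked us to wait, or None if absent or not an integer."""
    for name, value in headers.items():
        v = value.strip()
        if name.lower() == "retry-after" and v.isascii() and v.isdigit():
            return int(v)
    return None

def backoff_delay(attempt, base=0.5, cap=30.0, rng=random.random):
    """Full-jitter exponential backoff: random value in [0, min(cap, base * 2**attempt)]."""
    return rng() * min(cap, base * 2 ** attempt)

def call_with_backoff(send, max_attempts=5, max_wait=60.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-429 status or attempts run out.

    send is a hypothetical zero-argument callable returning (status, headers, body).
    Returns (status, headers, body, waits); waits lists every delay that was slept.
    """
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429 or attempt == max_attempts - 1:
            break  # success, a non-rate-limit error, or out of attempts
        hinted = parse_retry_after(headers)
        if hinted is not None and hinted > max_wait:
            break  # server wants a longer pause than we allow: give up, do not retry early
        # Prefer the server's hint; fall back to jittered backoff without one.
        delay = float(hinted) if hinted is not None else backoff_delay(attempt, rng=rng)
        waits.append(delay)
        sleep(delay)
    return status, headers, body, waits

if __name__ == "__main__":
    # Constructed responses standing in for an API: two 429s, then success.
    canned = iter([(429, {"Retry-After": "2"}, ""), (429, {}, ""), (200, {}, "ok")])
    print(call_with_backoff(lambda: next(canned), sleep=lambda s: None))
```

Giving up when the hinted wait exceeds `max_wait` keeps the client from retrying earlier than the server asked, which would only extend the throttling.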