Documentation

Rate limits

Brute-forceable endpoints are rate limited per IP. Over the limit returns 429 with a Retry-After header. Session-gated calls (init, check, var, file) are not limited.

/auth/login, /auth/signup10 / min
/api/1.x/login, /register, /license20 / min
/manage/1.x/license60 / min