Documentation
Rate limits
Brute-forceable endpoints are rate limited per IP. Over the limit returns 429 with a Retry-After header. Session-gated calls (init, check, var, file) are not limited.
/auth/login, /auth/signup10 / min/api/1.x/login, /register, /license20 / min/manage/1.x/license60 / min