Rate Limits & Security

Connection limits

| Limit                          | Value        | Scope             |
|--------------------------------|--------------|-------------------|
| Global concurrent connections  | 10,000       | Entire server     |
| Per-IP concurrent connections  | 20           | Single IP address |
| Per-IP connection rate         | 60 / minute  | Sliding window    |
| Per-key concurrent connections | Configurable | Per API key       |

If you exceed any of these limits, the server responds with HTTP 429 Too Many Requests during the handshake:

{
  "error": "max_connections_reached",
  "limit": 5,
  "current": 5
}

Client message limits

The server does not expect messages from clients. However, if you do send messages:

| Limit          | Value       | Consequence                             |
|----------------|-------------|-----------------------------------------|
| Message rate   | 30 / minute | Connection closed (rate_limit_exceeded) |
| Max frame size | 1 KB        | Connection closed (frame_too_large)     |

TLS

All connections use TLS encryption by default (WSS on port 9201).

The server may use a self-signed certificate. If so, you will need to disable certificate verification in your client. See Code Examples for how to do this in each language.

API key security

  • Keys are hashed with SHA-256 before storage -- raw keys cannot be recovered from the database.

  • Invalid API keys are cached for 30 seconds to mitigate brute-force attacks.

  • Keys can be revoked instantly by an administrator, immediately disconnecting all active sessions.

  • Keys can have expiration dates -- expired keys are automatically rejected.
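
The four properties above as a minimal in-memory sketch. This is an added example, not the server's own code: the class, method names and reason strings are assumptions, and only the SHA-256 hashing and the 30-second window come from this page.

```python
import hashlib
import time

NEGATIVE_TTL = 30  # seconds an invalid key stays cached (value from the page)


class KeyStore:
    """Illustrative verifier; class, method and reason names are assumptions."""

    def __init__(self, clock=time.time):
        self._keys = {}      # SHA-256 hex digest -> expiry time, or None
        self._rejected = {}  # digest of a failed key -> time the entry lapses
        self._clock = clock

    @staticmethod
    def _digest(raw_key):
        return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()

    def add(self, raw_key, expires_at=None):
        # Only the digest is kept, so the raw key cannot be read back.
        self._keys[self._digest(raw_key)] = expires_at

    def revoke(self, raw_key):
        # A real server would also close this key's open sessions here.
        self._keys.pop(self._digest(raw_key), None)

    def check(self, raw_key):
        """Return (accepted, reason) for a key presented at the handshake."""
        now = self._clock()
        digest = self._digest(raw_key)
        # Drop lapsed negative entries so stale ones do not accumulate.
        self._rejected = {d: t for d, t in self._rejected.items() if t > now}
        if digest in self._rejected:
            return False, "cached_invalid"  # answered without a store lookup
        if digest not in self._keys:
            self._rejected[digest] = now + NEGATIVE_TTL
            return False, "invalid"
        expires_at = self._keys[digest]
        if expires_at is not None and now >= expires_at:
            return False, "expired"
        return True, "ok"
```

In this sketch, a key value that failed once and is then issued within the 30-second window is still rejected until the cached entry lapses, which is the usual trade-off of a negative cache.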
