Rate Limiting and Circuit Breakers
Rate Limiting
Implementation
Rate limiting is enforced on all API endpoints. Counters are kept in a distributed store shared by every gateway instance; if that store becomes unreachable, each instance falls back to in-memory counters so that limits remain enforced instead of failing open. Note that fallback counters are local to each instance, so while the shared store is down the effective limit across N instances can be up to N times the configured value.
Authentication Endpoint Limits
Strict per-IP rate limits are applied to all authentication endpoints (signin, signup, password reset, MFA verification). Each endpoint has its own configured limit, tuned to blunt credential stuffing and brute-force attacks.
Global API Rate Limits
All authenticated endpoints are subject to a per-API-key rate limit. A client that exceeds its limit receives HTTP 429 (Too Many Requests) with a Retry-After header stating how many seconds to wait before retrying.
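The following is an added example, written for this page rather than taken from the gateway's own code, that puts the three rules above into one limiter: per-IP fixed-window limits on each authentication route, a per-API-key limit on everything else, HTTP 429 with a computed Retry-After, and an in-memory fallback when the shared store throws. The route paths, the numeric limits, and the store interface (`incr(key, ttl)` returning the count and the seconds left in the window, modelled on a Redis INCR plus EXPIRE) are assumptions; the `SharedStore` class is a stand-in whose outage is simulated by a flag.

```python
import math
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Limit:
    requests: int        # max requests allowed per window
    window_seconds: int  # fixed window length


# Illustrative policy (assumption, not the gateway's real numbers): strict per-IP
# limits on each auth route, one per-API-key limit for everything else.
AUTH_LIMITS = {
    "/api/v1/auth/signin": Limit(5, 60),
    "/api/v1/auth/signup": Limit(3, 600),
    "/api/v1/auth/password-reset": Limit(3, 600),
    "/api/v1/auth/mfa/verify": Limit(5, 60),
}
GLOBAL_LIMIT = Limit(100, 60)


class MemoryStore:
    """Per-process fixed-window counters; doubles as the in-memory fallback."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.counters = {}  # key -> (count, window_expires_at)

    def incr(self, key, ttl):
        """Increment the counter for key; return (count, seconds until the window resets)."""
        now = self.clock()
        count, expires_at = self.counters.get(key, (0, now + ttl))
        if now >= expires_at:            # window elapsed: start a fresh one
            count, expires_at = 0, now + ttl
        count += 1
        self.counters[key] = (count, expires_at)
        return count, max(1, math.ceil(expires_at - now))


class SharedStore:
    """Stand-in for the distributed store (hypothetical, e.g. Redis INCR + EXPIRE).
    Setting `available = False` simulates an outage."""

    def __init__(self, clock=time.time):
        self._inner = MemoryStore(clock)
        self.available = True

    def incr(self, key, ttl):
        if not self.available:
            raise ConnectionError("shared store unreachable")
        return self._inner.incr(key, ttl)


class RateLimiter:
    def __init__(self, primary, fallback):
        self.primary = primary
        self.fallback = fallback

    def _incr(self, key, ttl):
        try:
            return self.primary.incr(key, ttl)
        except ConnectionError:
            # Keep enforcing during an outage. These counters are per instance, so
            # N gateway instances admit up to N x the limit until the store is back.
            return self.fallback.incr(key, ttl)

    def check(self, path, client_ip, api_key=None):
        """Return (status, headers): 200 when allowed, 429 with Retry-After when not."""
        if path in AUTH_LIMITS:
            limit, key = AUTH_LIMITS[path], f"auth:{path}:ip:{client_ip}"
        else:
            limit, key = GLOBAL_LIMIT, f"api:key:{api_key or client_ip}"
        count, seconds_left = self._incr(key, limit.window_seconds)
        if count > limit.requests:
            return 429, {"Retry-After": str(seconds_left)}
        return 200, {"X-RateLimit-Remaining": str(limit.requests - count)}
```

A fixed window is the simplest scheme and is what the store interface above supports with one increment; it allows a burst of up to twice the limit straddling a window boundary, which a sliding window or token bucket avoids at the cost of more store operations.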
Account Lockout
Repeated failed authentication attempts against an account trigger an escalating lockout: once the failure threshold is reached the account is locked, and each further failure lengthens the lock, from minutes up to hours.
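As an added illustration (not the gateway's code), the tracker below implements an escalating lock keyed per account. The schedule (lock at the fifth consecutive failure, doubling on each further failure, capped at four hours) is an assumption; the page gives only the minutes-to-hours range. Two details matter for security and are deliberate here: the lock is checked before the password is verified, so a locked account refuses even the correct password and the lock gives no oracle about the credential, and the failure count only clears on a successful login, not when a lock expires.

```python
import math
import time

# Illustrative schedule (assumption): lock at the 5th consecutive failure,
# doubling on every further failure, capped at 4 hours.
FAILURE_THRESHOLD = 5
BASE_LOCKOUT_SECONDS = 60
MAX_LOCKOUT_SECONDS = 4 * 3600


def lockout_duration(failures):
    """Seconds to lock after `failures` consecutive failures (0 = no lock yet)."""
    if failures < FAILURE_THRESHOLD:
        return 0
    return min(BASE_LOCKOUT_SECONDS * 2 ** (failures - FAILURE_THRESHOLD),
               MAX_LOCKOUT_SECONDS)


class LockoutTracker:
    """Consecutive-failure state per account; in production this lives in the shared store."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.state = {}  # account -> {"failures": int, "locked_until": float}

    def is_locked(self, account):
        s = self.state.get(account)
        return s is not None and self.clock() < s["locked_until"]

    def seconds_until_unlock(self, account):
        s = self.state.get(account)
        return 0 if s is None else max(0, math.ceil(s["locked_until"] - self.clock()))

    def attempt(self, account, verify_password):
        """Process one login attempt.

        Returns ("locked", retry_after) / ("failed", 0) / ("ok", 0).
        `verify_password` is a zero-argument callable so the lock can be checked
        first; a locked account never reaches credential verification."""
        if self.is_locked(account):
            return "locked", self.seconds_until_unlock(account)
        if verify_password():
            self.state.pop(account, None)      # success clears the failure history
            return "ok", 0
        s = self.state.setdefault(account, {"failures": 0, "locked_until": 0.0})
        s["failures"] += 1                     # failures accumulate across expired locks
        duration = lockout_duration(s["failures"])
        if duration:
            s["locked_until"] = self.clock() + duration
            return "locked", duration
        return "failed", 0
```

Because the lock is per account, an attacker who knows a username can keep it locked deliberately; the per-IP limits on the authentication endpoints are what bound how cheaply that can be done.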
Circuit Breakers
Proxy Circuit Breakers
The API Gateway implements circuit breakers on all service proxy routes. Each target service has an independent circuit breaker that opens after a configured number of consecutive failures and recovers automatically: after a cool-down period it moves to a half-open state in which a single probe request is forwarded; if the probe succeeds the circuit closes, and if it fails the circuit reopens.
When a circuit is open, the proxy returns HTTP 503 (Service Unavailable) immediately, without forwarding the request to the target service.
Timeouts
Standard proxy requests and long-running operations (data sync, batch calculations) use separate timeout configurations sized to their expected duration, so that a slow batch job does not tie up a connection indefinitely and a routine request does not inherit a multi-minute timeout. A request that exceeds its timeout counts as a failure for the target's circuit breaker.
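The breaker and proxy below are an added example, not the gateway's implementation, covering the behaviour described in the three preceding paragraphs: a closed/open/half-open state machine per target service, a single probe in the half-open state, an immediate 503 while open, and timeouts treated as failures. The thresholds, the upstream callable interface, and the use of `TimeoutError`/`ConnectionError` to represent a failed proxy call are assumptions.

```python
import time
from enum import Enum


class State(Enum):
    CLOSED = "closed"        # requests flow; consecutive failures are counted
    OPEN = "open"            # requests are rejected without being forwarded
    HALF_OPEN = "half_open"  # exactly one probe request is let through


class CircuitBreaker:
    """One breaker per target service. Defaults are illustrative (assumption)."""

    def __init__(self, failure_threshold=5, recovery_seconds=30, clock=time.time):
        self.failure_threshold = failure_threshold
        self.recovery_seconds = recovery_seconds
        self.clock = clock
        self.reset()

    def reset(self):
        """Force the breaker closed (what an administrative state reset would do)."""
        self.state = State.CLOSED
        self.consecutive_failures = 0
        self.opened_at = None
        self.probe_in_flight = False

    def allow(self):
        """Decide whether a request may be forwarded right now."""
        if self.state is State.OPEN and self.clock() - self.opened_at >= self.recovery_seconds:
            self.state = State.HALF_OPEN       # cool-down over: admit one probe
            self.probe_in_flight = False
        if self.state is State.CLOSED:
            return True
        if self.state is State.HALF_OPEN and not self.probe_in_flight:
            self.probe_in_flight = True
            return True
        return False

    def on_success(self):
        self.reset()                           # probe (or normal request) succeeded

    def on_failure(self):
        self.consecutive_failures += 1
        if self.state is State.HALF_OPEN or self.consecutive_failures >= self.failure_threshold:
            self.state = State.OPEN            # a failed probe reopens immediately
            self.opened_at = self.clock()
            self.probe_in_flight = False


class ServiceProxy:
    """Routes requests to upstream callables, each guarded by its own breaker."""

    def __init__(self, upstreams, clock=time.time, **breaker_opts):
        self.upstreams = upstreams             # name -> callable(request) -> (status, body)
        self.breakers = {name: CircuitBreaker(clock=clock, **breaker_opts) for name in upstreams}

    def forward(self, service, request):
        breaker = self.breakers[service]
        if not breaker.allow():
            return 503, "Service Unavailable: circuit open"
        try:
            status, body = self.upstreams[service](request)
        except (TimeoutError, ConnectionError) as exc:
            breaker.on_failure()               # timeouts and refused connections both count
            return 502, f"Bad Gateway: {exc.__class__.__name__}"
        if status >= 500:
            breaker.on_failure()
        else:
            breaker.on_success()
        return status, body
```

Only transport errors and 5xx responses trip the breaker; a 4xx is the client's problem and must not take a healthy service out of rotation. The `probe_in_flight` flag is what keeps the half-open state to a single request; in a multi-threaded gateway that flag (and the rest of the breaker state) needs a lock or an atomic compare-and-swap.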
Circuit Breaker Cache
Circuit breaker state is held in the gateway cache, so it can be reset (all breakers forced back to closed) via the admin cache invalidation endpoint:
POST /api/v1/admin/cache/invalidate
Authorization: Bearer <admin-token>
Idempotency
Selected mutation endpoints support idempotency so that a request retried by the client, for example after a timeout or a lost response, does not perform the operation twice.
Mechanism
Clients include an Idempotency-Key header carrying a value that is unique per logical operation (a UUID generated by the client is typical). The server executes the request once and stores the resulting response in the distributed store under that key. Subsequent requests with the same key return the stored response without re-executing the operation.
Idempotent Endpoints
POST /api/v1/admin/tenants — Tenant creation
POST /api/v1/admin/regulators — Regulator provisioning
POST /api/v1/admin/gdpr/erase-customer/:id — GDPR erasure
POST /api/v1/admin/gdpr/dsr — DSR creation
POST /api/v1/admin/gdpr/dsr/:id/process — DSR processing
POST /api/v1/admin/revoke-user-tokens — Token revocation
Applicable Methods
Idempotency checking applies to POST, PUT, and PATCH requests. GET and DELETE requests are excluded, since they are already idempotent under HTTP semantics, as are the authentication endpoints, whose responses carry credentials and must never be stored and replayed.
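The middleware below is an added example of the mechanism described in this section, not the gateway's code. It applies only to POST, PUT and PATCH, skips the authentication routes, stores the first response under the key and replays it for later requests with the same key. Three choices go beyond what the page states and are assumptions worth knowing about: the stored key is scoped to the authenticated principal and route so one caller's key can neither replay nor collide with another's; a key reused with a different request body is refused (here with 422) rather than silently answered with the earlier response; and 5xx responses are not stored, so a transient failure can be retried with the same key. The auth route prefix and the store interface are also assumptions.

```python
import hashlib
import json
import time

IDEMPOTENT_METHODS = {"POST", "PUT", "PATCH"}
# Assumption: authentication routes live under this prefix; they are never replayed.
EXCLUDED_PREFIXES = ("/api/v1/auth/",)


def _fingerprint(body):
    """Canonical hash of the request body, to detect key reuse with a different payload."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class MemoryIdempotencyStore:
    """Stand-in for the distributed store; entries expire after `ttl` seconds."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.entries = {}

    def get(self, key):
        entry = self.entries.get(key)
        if entry and entry["expires_at"] > self.clock():
            return entry
        self.entries.pop(key, None)           # expired or absent
        return None

    def put(self, key, fingerprint, response, ttl):
        self.entries[key] = {"fingerprint": fingerprint, "response": response,
                             "expires_at": self.clock() + ttl}


class IdempotencyMiddleware:
    def __init__(self, handler, store, ttl_seconds=24 * 3600):
        self.handler = handler                # handler(method, path, body) -> (status, body)
        self.store = store
        self.ttl = ttl_seconds

    def handle(self, method, path, headers, body, principal):
        key = headers.get("Idempotency-Key")
        if method not in IDEMPOTENT_METHODS or path.startswith(EXCLUDED_PREFIXES) or not key:
            return self.handler(method, path, body)

        # Scope the key to the authenticated caller and the route (assumption), so a
        # key chosen by one tenant cannot replay or collide with another tenant's.
        store_key = f"idem:{principal}:{method}:{path}:{key}"
        fingerprint = _fingerprint(body)

        cached = self.store.get(store_key)
        if cached is not None:
            if cached["fingerprint"] != fingerprint:
                # Same key, different request: refuse instead of returning a response
                # that belongs to a different operation (status code is an assumption).
                return 422, {"error": "Idempotency-Key reused with a different request body"}
            return cached["response"]

        status, response_body = self.handler(method, path, body)
        # Store only final responses; a 5xx is transient and the client should retry.
        if status < 500:
            self.store.put(store_key, fingerprint, (status, response_body), self.ttl)
        return status, response_body
```

One gap this single-process version leaves open is two requests with the same key arriving concurrently: both miss the store and both execute. A production implementation reserves the key atomically (for example a SET NX in the shared store) before calling the handler and answers the second request with a conflict until the first completes.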