security en
Rate limiting
security
Also called: request throttling
Plain-language definition
Plain-language definition
Restricting how often an action may be attempted in a period.
Why it matters
It helps control brute force, scraping, spam, and resource exhaustion without replacing authorization.
Technical detail
Rate limiting counts requests by an appropriate identity and applies quotas, delays, or rejection while accounting for distributed systems and trusted proxies.
Examples
- The API temporarily rejects excessive sign-in attempts from the same risk context.
Related terms
Sources and review
Reviewed July 12, 2026 by e2e-1783854138445-0citu53rtqqe@test.repairyour.tech. Next review due January 11, 2027.
- Cross Site Request Forgery — OWASP Foundation Accessed 7/11/2026
See something we should improve?
Suggest a correction to “Rate limiting.” Suggestions are reviewed before the published definition changes.