Rate Limiting and Protecting Your API from Abuse
An open door is an invitation to abuse. Rate limiting caps how many requests any single user or system can make in a given period, which keeps your API fast for everyone and shields it from attack.
Without it, a single misbehaving client — or a malicious one — can overwhelm your servers and degrade the experience for legitimate customers.
What It Defends Against
- Brute-force attempts to guess passwords.
- Scrapers hammering your data endpoints.
- Runaway integrations stuck in a loop.
- Denial-of-service attempts that flood the server.
How Users Experience It
Honest users almost never notice limits, because they are set well above normal usage. If a limit is hit, the API replies with a clear message and a hint of when to try again, rather than simply failing.
| Limit type | Example | Purpose |
|---|---|---|
| Per user | 1,000 requests/hour | Fair share for everyone |
| Per endpoint | 5 login attempts/minute | Stop brute force |
| Global | Cap total traffic | Protect the whole server |
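
The per-user and per-endpoint rows of the table, and the "try again later" reply described above, as an added example (not Progressive Robot's own code). It assumes a sliding-window counter kept in memory, an HTTP 429 status with a `Retry-After` header as the "clear message", and hypothetical names such as `handle`, `client` and the `/login` path; the global cap is not shown.

```python
import math
import time
from collections import defaultdict, deque

# Limits from the table above: (max requests, window in seconds).
PER_USER = (1000, 3600)      # 1,000 requests/hour
LOGIN_PER_MINUTE = (5, 60)   # 5 login attempts/minute


class SlidingWindowLimiter:
    """Keeps the timestamp of every accepted request, per key."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                 # injectable so tests can control time
        self.hits = defaultdict(deque)     # key -> timestamps, oldest first

    def retry_after(self, key, limit, window):
        """Whole seconds until `key` may send again; 0 if under the limit."""
        now = self.clock()
        q = self.hits[key]
        while q and q[0] <= now - window:  # forget hits older than the window
            q.popleft()
        if len(q) < limit:
            return 0
        # The oldest remaining hit leaves the window at q[0] + window.
        return math.ceil(q[0] + window - now)

    def record(self, key):
        self.hits[key].append(self.clock())


def handle(limiter, client, path):
    """Return (status, headers, body) for one request (hypothetical handler).

    `client` is whatever identifies the caller, e.g. an API key (assumption).
    """
    checks = [(("user", client), *PER_USER)]
    if path == "/login":                   # stricter limit on the login endpoint
        checks.append((("login", client), *LOGIN_PER_MINUTE))
    wait = max(limiter.retry_after(k, n, w) for k, n, w in checks)
    if wait:
        body = f"Rate limit exceeded. Try again in {wait} seconds."
        return 429, {"Retry-After": str(wait)}, body
    for k, _, _ in checks:                 # only accepted requests are counted
        limiter.record(k)
    return 200, {}, "ok"
```

With more than one server process, the counters would need to live in a shared store rather than in each process's memory.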
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.