docs: update rate limiting docs (#4186)

* docs: update rate limiting docs

* reduce regexp mental overhead
Elio Bischof 2022-08-15 17:40:43 +02:00 committed by GitHub
parent 872a4eae66
commit 0c6b47a081
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 21 additions and 36 deletions


@ -1,14 +0,0 @@
---
title: API Rate Limits
---
<!-- //TODO Elio please update according to the current config -->
| Path | Description | Effective Limit |
|-----------------------------------------------------|--------------------------|----------------------------|
| /oauth/v2/* | Sum of all OAuth request | 500 request per 1 min |
| /oauth/v2/token | | 120 request per 1 min |
| /auth/v1/* | | none |
| /caos.zitadel.auth.api.v1.AuthService/* | | none |
| /management/v1/* | | 240 request per 1 min |
| /caos.zitadel.management.api.v1.ManagementService/* | | 240 request per 1 min |
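Review bot: The "/oauth/v2/*" (500 request per 1 min) and "/oauth/v2/token" (120 request per 1 min) rows are deleted here, and the regular expression on the replacement page lists only the system, auth, admin and management paths, so after this commit the docs no longer state any limit for the OAuth endpoints. The "/oauth/v2/authorize" row removed with the login page is in the same position. Either add an OAuth row to the new table or state explicitly that those paths are not rate limited.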


@ -1,10 +0,0 @@
---
title: Login Rate Limits
---
<!-- //TODO Elio please update according to the current config -->
| Path | Description | Effective Limit |
|---------------------|----------------------------------------|---------------------------|
| /* | Global Login, Register and Reset Limit | none |
| /oauth/v2/authorize | Authorize endpoint | 20 request per 10 seconds |


@ -0,0 +1,16 @@
---
title: ZITADEL Cloud Rate Limits
---
| Path | Description | Throttling | One Minute Banning |
|--------------------------|----------------------------------------|--------------------------------------|----------------------------------------|
| /ui/login* | Global Login, Register and Reset Limit | 10 requests per second over a minute | 15 requests per sencond over 3 minutes |
| *Various API paths* [^1] | All other gRPC- and REST APIs<br/> - Management API<br/>- Admin API<br/>- Auth API<br/>- System API | 4 requests per second over a minute | 8 requests per second over 3 minutes |
[^1] API paths:
<details>
<summary>Open to see the reqular expression</summary>
<pre>
/system/v[0-9]+/.*|/auth/v[0-9]+/.|/admin/v[0-9]+/.|/management/v[0-9]+/.*|zitadel\.system\.v[0-9]+\.SystemService/.*|zitadel\.admin\.v[0-9]+\.AdminService/.*|zitadel\.auth\.v[0-9]+\.AuthService/.*|zitadel\.management\.v[0-9]+\.ManagementService/.*
</pre>
</details>
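Review bot: In the regular expression inside the pre block, the "/auth/v[0-9]+/." and "/admin/v[0-9]+/." alternatives end in a bare "." while every other alternative ends in ".*". Make them "/auth/v[0-9]+/.*" and "/admin/v[0-9]+/.*" so the documented pattern is consistent; read as a full match, the short form would cover only single-character subpaths. In the same file, "sencond" in the /ui/login* row should be "second", "reqular" in the summary should be "regular", and if "[^1] API paths:" is meant as a Markdown footnote definition it needs the colon form "[^1]:".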


@ -23,15 +23,9 @@ You should consider to implement [exponential backoff](https://en.wikipedia.org/
## What rate limits do apply ## What rate limits do apply
### Login, Register, Reset Limits For ZITADEL Cloud, we have a rate limiting rule for login paths (login, register and reset features) and for API paths each. Learn more about [the exact rules](/docs/apis/ratelimits).
For the rate limits of the Login, Register and Reset features please visit [Login Rate Limits](/docs/apis/ratelimits/login)
### API Rate Limits
For our API rate limits please check the [API Endpoint Rate Limits](/docs/apis/ratelimits/api)
## Load Testing ## Load Testing
If you would like to conduct load testing of ZITADEL Cloud or a managed instance, you MUST request to do so with a minimum of 2 weeks notice before the test by contacting us at support@zitadel.com. If you would like to conduct load testing of ZITADEL Cloud or a managed instance, you MUST request to do so with a minimum of 2 weeks notice before the test by contacting us at support@zitadel.com.
You MUST NOT conduct load testing without prior approval by us. Without prior approval and setup there is a high risk of being flagged by our DDoS solution as malicious traffic. This can have a severe impact on your service quality or result in termination of your agreement. You MUST NOT conduct load testing without prior approval by us. Without prior approval and setup there is a high risk of being flagged by our DDoS solution as malicious traffic. This can have a severe impact on your service quality or result in termination of your agreement.
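Review bot: The new sentence under "What rate limits do apply" reads awkwardly because of the trailing "each" ("we have a rate limiting rule for login paths ... and for API paths each"). Suggest "ZITADEL Cloud applies one rate limiting rule to the login paths (login, register and reset features) and another to the API paths.", which makes it clear there are two separate rules, matching the two rows of the new table.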


@ -155,7 +155,7 @@ module.exports = {
} }
], ],
}, },
], ],
copyright: `Copyright © ${new Date().getFullYear()} ZITADEL Docs - Built with Docusaurus.`, copyright: `Copyright © ${new Date().getFullYear()} ZITADEL Docs - Built with Docusaurus.`,
}, },
@ -166,7 +166,7 @@ module.exports = {
selector: 'div#' selector: 'div#'
}, },
prism: { prism: {
additionalLanguages: ["csharp", "dart", "groovy"], additionalLanguages: ["csharp", "dart", "groovy", "regex"],
}, },
}, },
presets: [ presets: [
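Review bot: "regex" is added to prism.additionalLanguages, but the only regular expression this commit adds to the docs sits in a raw pre element rather than a code fence tagged regex, so the extra Prism language is not used by anything visible in this change. Put the pattern in a fenced block with the regex language tag, or drop the addition.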


@ -210,9 +210,8 @@ module.exports = {
label: "Rate Limits", label: "Rate Limits",
collapsed: false, collapsed: false,
items: [ items: [
"apis/ratelimits/ratelimits",
"legal/rate-limit-policy", "legal/rate-limit-policy",
"apis/ratelimits/login",
"apis/ratelimits/api",
], ],
}, },
], ],
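Review bot: Removing "apis/ratelimits/login" and "apis/ratelimits/api" from items retires two published doc routes (/docs/apis/ratelimits/login and /docs/apis/ratelimits/api, both linked from the policy page before this commit), and no redirect appears in the visible changes. Add redirects from both to /docs/apis/ratelimits so existing bookmarks and external links keep resolving.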