From ebc140a2348693610f83fc41e6438254fcb66393 Mon Sep 17 00:00:00 2001 From: mffap Date: Fri, 21 Apr 2023 15:21:05 +0200 Subject: [PATCH] docs(legal): merge rate limits (#5719) * formatting title configuration * merge policy and metrics * raising limits, editorial * Update docs/docs/legal/rate-limit-policy.md Co-authored-by: Elio Bischof * Apply suggestions from code review Co-authored-by: Elio Bischof --------- Co-authored-by: Elio Bischof --- .../solution-scenarios/configurations.mdx | 6 +++--- docs/docs/legal/rate-limit-policy.md | 20 ++++++++++++++++--- docs/sidebars.js | 7 +++---- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/docs/docs/guides/solution-scenarios/configurations.mdx b/docs/docs/guides/solution-scenarios/configurations.mdx index 60953f61ee..2940398a85 100644 --- a/docs/docs/guides/solution-scenarios/configurations.mdx +++ b/docs/docs/guides/solution-scenarios/configurations.mdx @@ -27,9 +27,9 @@ More about the [scopes](/apis/openidoauth/scopes#reserved-scopes) If you have an application that runs a dedicated domain for each customer you need to instruct ZITADEL to allow redirection for each domain specifically to safeguard against phishing attacks. -Example: -MyApplication: customer-a.app.com -ZITADEL Login: login.app.com +Example: +MyApplication: `customer-a.app.com` +ZITADEL Login: `login.app.com` In the OIDC Authorization request you always have to send the redirect URI to where you like to be redirected after login. To handle this scenario it is possible to register multiple URIs on each application in ZITADEL, the only criteria is that the requested URI has to match one of the registered URIs. diff --git a/docs/docs/legal/rate-limit-policy.md b/docs/docs/legal/rate-limit-policy.md index d3e3047a4a..8cae76e99a 100644 --- a/docs/docs/legal/rate-limit-policy.md +++ b/docs/docs/legal/rate-limit-policy.md 
@@ -12,18 +12,32 @@ To ensure the availability of our Services and to avoid slow or failed requests ## How is the rate limit implemented -ZITADEL Clouds rate limit is built around a `IP` oriented model. Please be aware that we also utilize a service for DDoS mitigation. +ZITADEL Clouds rate limit is built around a `IP` oriented model. +Please be aware that we also utilize a service for DDoS mitigation. So if you simply change your `IP` address and run the same request again and again you might be get blocked at some point. If you are blocked you will receive a `http status 429`. -:::tip +:::tip Implement exponential backoff You should consider to implement [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff) into your application to prevent a blocking loop. ::: +:::info Raising limits +We understand that there are certain scenarios where your users access ZITADEL from shared IP Addresses. +For example if you use a corporate proxy or Network Address Translation NAT. +Please [get in touch](https://zitadel.com/contact) with us to discuss your requirements and we'll find a solution. +::: + ## What rate limits do apply -For ZITADEL Cloud, we have a rate limiting rule for login paths (login, register and reset features) and for API paths each. Learn more about [the exact rules](/apis/ratelimits). +For ZITADEL Cloud, we have a rate limiting rule for login paths (login, register and reset features) and for API paths each. 
+ +Rate limits are implemented with the following rules: + +| Path | Description | Rate Limiting | One Minute Banning | +|--------------------------|----------------------------------------|--------------------------------------|----------------------------------------| +| /ui/login* | Global Login, Register and Reset Limit | 10 requests per second over a minute | 15 requests per second over 3 minutes | +| All other paths | All gRPC- and REST APIs as well as the ZITADEL Customer Portal | 10 requests per second over a minute | 10 requests per second over 3 minutes | ## Load Testing diff --git a/docs/sidebars.js b/docs/sidebars.js index 732e5a8f23..df769ae28c 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -420,10 +420,9 @@ module.exports = { items: ["apis/observability/metrics", "apis/observability/health"], }, { - type: "category", - label: "Rate Limits", - collapsed: false, - items: ["apis/ratelimits/ratelimits", "legal/rate-limit-policy"], + type: 'link', + label: 'Rate Limits (Cloud)', // The link label + href: '/legal/rate-limit-policy', // The internal path }, ], selfHosting: [
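Review bot: In the rate-limit table added to docs/docs/legal/rate-limit-policy.md, the column header "One Minute Banning" does not match its cell values "15 requests per second over 3 minutes" and "10 requests per second over 3 minutes"; a reader cannot tell whether the ban lasts one minute and is triggered by the 3-minute average, or something else. Spell out the rule in the header or in a sentence under the table, e.g. "Banning (exceeding this average over 3 minutes results in a one-minute block)", so the thresholds, the averaging window and the ban duration are each stated once. The same hunk also carries over the grammar of the old line unchanged into the new `+` lines ("ZITADEL Clouds rate limit is built around a `IP` oriented model.", "Network Address Translation NAT", "You should consider to implement"); since these lines are being rewritten anyway, suggest "ZITADEL Cloud's rate limit is built around an IP-oriented model.", "Network Address Translation (NAT)" and "You should consider implementing". Finally, dropping the sentence "Learn more about [the exact rules](/apis/ratelimits)." removes the only in-page link to the API rate-limit page; confirm that page is retired or redirected, otherwise the two copies of the table will drift apart.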
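Review bot: In docs/sidebars.js the removed category items included "apis/ratelimits/ratelimits", but the PR summary lists only three changed files and no deletion, so that doc page still exists while no longer being reachable from the sidebar; either delete it (and add a redirect to /legal/rate-limit-policy) or keep it in the sidebar until the content is consolidated. Style points in the same hunk: the new lines use single quotes (`type: 'link'`, `href: '/legal/rate-limit-policy'`) while the surrounding file uses double quotes (`items: ["apis/observability/metrics", ...]`), and the trailing comments `// The link label` and `// The internal path` are Docusaurus template comments that add nothing here and can be dropped.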