Rate Limiting / Throttling

You can limit the number of times end users or anyone IP address can make calls using your API keys, directly from the Ipregistry dashboard:

  1. Open your dashboard.
  2. Click on "API Keys" in the left menu.
  3. Click on "Edit" for the key you want to filter origins.
  4. In the "Throttling / Rate limiting" section, select "Set invocation limit per hour" for the dropdown option.
  5. Enter the URL prefix of the origins that are allowed:

    Set invocation limit per hour

  6. Save your changes.

By default, rate limiting/throttling is disabled. In that case, the only limit is your credits balance.

Behavior

Throttling is based on an adaptation of the leaky bucket algorithm as described by Cloudflare:
https://blog.cloudflare.com/counting-things-a-lot-of-different-things

The rate limit is reset gradually each hour based on your usage in the last hour and the time elapsed since. This enables protection against traffic spikes.

Headers

Once enabled, all requests making use of throttling are returning the following additional HTTP headers in their response:

NameDescription
Retry-AfterIndicates how long the user agent should wait (in seconds) before making a follow-up request.
X-Rate-Limit-LimitIndicates how many look ups your application may make per time window. The time window is currently 1 hour but for the most reliable code, you should not assume this is the case — use the X-Rate-Limit-Reset header instead.
X-Rate-Limit-RemainingIndicates how many credits (lookups) you have remaining in this window.
X-Rate-Limit-ResetIndicates when the current window ends, in seconds from the current time.