Rate Limiting
Current limits enforced by the API routes in this repository.
How It Works
Rate limits are enforced with Redis-backed fixed 60-second buckets, shared across running instances. Limits are applied by endpoint, and some routes allow higher limits when a valid API key is provided.
Implemented Limits
| Endpoint | Public | Authenticated |
|---|---|---|
| GET /api/v1/health | No limit | No limit |
| GET /api/v1/auctions | 100/min | 1000/min |
| GET /api/v1/users/:address | 100/min | 1000/min |
| POST /api/v1/auctions/create | Auth required | 10/min |
| POST /api/v1/auctions/:id/bid | Auth required | 60/min |
| POST /api/v1/auctions/:id/settle | Auth required | 30/min |
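The fixed-bucket behaviour described under How It Works, as an added sketch that is not the repository's code. It assumes buckets aligned to the wall-clock minute and keyed by route plus a caller-supplied client identifier; the `Map`, `FixedWindowLimiter`, `hit` and `boundaryBurst` are hypothetical names standing in for the Redis-backed implementation.

```javascript
// Added sketch: a Map stands in for Redis (INCR on a key that expires).
const WINDOW_MS = 60_000;

// Limits copied from the table; null means the route requires an API key.
const LIMITS = {
  'GET /api/v1/auctions': { public: 100, authenticated: 1000 },
  'POST /api/v1/auctions/create': { public: null, authenticated: 10 },
};

class FixedWindowLimiter {
  constructor() {
    this.counts = new Map(); // bucket key -> request count (never pruned here)
  }

  // Records one request and reports whether it fits in the current bucket.
  hit(route, clientId, hasValidKey, nowMs) {
    const limit = LIMITS[route][hasValidKey ? 'authenticated' : 'public'];
    if (limit === null) return { allowed: false, authRequired: true };

    // Assumption: buckets align to the wall-clock minute, so every instance
    // sharing the store derives the same key for the same request time.
    const windowStart = Math.floor(nowMs / WINDOW_MS) * WINDOW_MS;
    const key = `${route}|${clientId}|${windowStart}`;
    const count = (this.counts.get(key) || 0) + 1;
    this.counts.set(key, count);

    // Seconds until the bucket resets, the value a 429 message would carry.
    const retryAfterSeconds = Math.ceil((windowStart + WINDOW_MS - nowMs) / 1000);
    return { allowed: count <= limit, remaining: Math.max(0, limit - count), retryAfterSeconds };
  }
}

// Constructed scenario for sizing limits: fixed buckets reset at the minute
// boundary, so the accepted count over a short span that straddles it can
// reach twice the per-minute limit.
function boundaryBurst(limiter, route, clientId, boundaryMs) {
  let accepted = 0;
  for (const t of [boundaryMs - 1000, boundaryMs + 1000]) {
    for (let i = 0; i < 15; i++) {
      if (limiter.hit(route, clientId, true, t).allowed) accepted++;
    }
  }
  return accepted; // 20 on a 10/min route
}
```

Size downstream capacity for twice the listed per-minute figure per client, or use a sliding window where that burst is not acceptable.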
Rate-Limited Response
```json
{
  "success": false,
  "error": "Rate limit exceeded. Try again in 23 seconds.",
  "code": "RATE_LIMITED",
  "timestamp": 1711463000000
}
```

The retry delay is included in the error message. Parse the seconds value and back off before retrying.
Backoff Example
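```javascript
// Retry a request when the API answers 429, waiting as long as the server asks.
async function withRetry(requestFn, maxRetries = 3) {
  for (let attempt = 0; attempt < maxRetries; attempt++) {
    const res = await requestFn();
    // Tolerate a non-JSON body so the status checks below still run.
    const body = await res.json().catch(() => null);
    if (res.ok) return body;
    if (res.status === 429 && body?.error) {
      // The delay is embedded in the message: "Try again in 23 seconds."
      const match = body.error.match(/(\d+) seconds?/);
      const waitSeconds = match ? Number(match[1]) : 2; // fall back to 2 s
      await new Promise((r) => setTimeout(r, waitSeconds * 1000));
      continue;
    }
    // Any other failure is not retried.
    throw new Error(body?.error || 'HTTP ' + res.status);
  }
  throw new Error('Max retries reached');
}
```

© 2026 SNSAuctions.xyz. Built on Solana.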