<![CDATA[Topics tagged with rate limiting]]>https://fusionauth.io/community/forum/tags/rate limitingRSS for NodeSun, 17 May 2026 03:23:12 GMTInvalid Date60<![CDATA[How to Handle CAPTCHA and Rate Limits for Automated Testing in FusionAuth]]>You’ll need to disable or mock CAPTCHA in a test environment and adjust rate-limit settings in FusionAuth’s config or use test API keys to avoid hitting production limits during automated runs.

]]>https://fusionauth.io/community/forum/topic/3035/how-to-handle-captcha-and-rate-limits-for-automated-testing-in-fusionauthhttps://fusionauth.io/community/forum/topic/3035/how-to-handle-captcha-and-rate-limits-for-automated-testing-in-fusionauthInvalid Date<![CDATA[Managing Rate Limits and CAPTCHA During FusionAuth Cloud Integration]]>These challenges are expected because of the security protections in place on FusionAuth Cloud deployments. One option is indeed to self-host FusionAuth, which gives you full control over rate limits and CAPTCHA settings.

Alternatively, you could add your IP address to FusionAuth’s allowlist, which can exempt you from certain rate limits and CAPTCHA checks. Details on this approach and the requirements are documented here:
CAPTCHA and Rate Limits - FusionAuth Cloud

]]>https://fusionauth.io/community/forum/topic/2990/managing-rate-limits-and-captcha-during-fusionauth-cloud-integrationhttps://fusionauth.io/community/forum/topic/2990/managing-rate-limits-and-captcha-during-fusionauth-cloud-integrationInvalid Date<![CDATA[Rate limiting FusionAuth API access]]>You have a couple of options.

If you are self hosting, use a WAF, CDN or firewall to rate limit access to FusionAuth.

If you are using FusionAuth Cloud, we have protection in place to ensure customers don’t get DDoSed; additionally, all customer servers are monitored for responsiveness and availability.

If you need more rate limiting options, we're working on it: https://github.com/FusionAuth/fusionauth-issues/issues/905

]]>https://fusionauth.io/community/forum/topic/1092/rate-limiting-fusionauth-api-accesshttps://fusionauth.io/community/forum/topic/1092/rate-limiting-fusionauth-api-accessInvalid Date<![CDATA[Rate limit password reset requests?]]>This is not currently handled by FusionAuth. You would have to use another application firewall of some sort that offers rate limiting. Here's an example for nginx: https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/

We have discussed adding this feature, but due to the other options available it has not yet been prioritized. Feel free to open a feature request on GitHub.

]]>https://fusionauth.io/community/forum/topic/361/rate-limit-password-reset-requestshttps://fusionauth.io/community/forum/topic/361/rate-limit-password-reset-requestsInvalid Date<![CDATA[Rate limiting login attempts]]>Please check out https://fusionauth.io/docs/v1/tech/tutorials/setting-up-user-account-lockout which walks you through the steps to lock logins after a configurable number of attempts.

]]>https://fusionauth.io/community/forum/topic/192/rate-limiting-login-attemptshttps://fusionauth.io/community/forum/topic/192/rate-limiting-login-attemptsInvalid Date