🔒 Security & Rate Limits

Rate Limiting: All endpoints are subject to rate limiting to ensure fair usage and platform stability.

• Default: 100 requests per minute per IP

• Additional, stricter per-endpoint limits may apply

• Rate limit information is returned in response headers

• Exceeding limits returns 429 Too Many Requests with Retry-After and X-RateLimit-* headers

Security:

• All API traffic uses HTTPS/TLS 1.2+

• No sensitive data is exposed in public endpoints

• Download endpoints use secure slug-based mapping (no direct file paths)

• IP-based rate limiting with anonymized logging