---
title: "Rate Limiting"
description: "Rate limiting for Formbricks"
icon: "timer"
---

To protect the platform from abuse and ensure fair usage, rate limiting is enforced by default on an IP-address basis. If a client exceeds the allowed number of requests within the specified time window, the API will return a `429 Too Many Requests` status code.

## Default Rate Limits

The following rate limits apply to various endpoints:

| **Endpoint**            | **Rate Limit** | **Time Window** |
| ----------------------- | -------------- | --------------- |
| `POST /login`           | 30 requests    | 15 minutes      |
| `POST /signup`          | 30 requests    | 60 minutes      |
| `POST /verify-email`    | 10 requests    | 60 minutes      |
| `POST /forgot-password` | 5 requests     | 60 minutes      |
| `GET /client-side-api`  | 100 requests   | 1 minute        |
| `POST /share`           | 100 requests   | 60 minutes      |

If a request exceeds the defined rate limit, the server will respond with:

```json
{
  "code": 429,
  "error": "Too many requests, Please try after a while!"
}
```

## Disabling Rate Limiting

For self-hosters, rate limiting can be disabled if necessary. However, we **strongly recommend keeping rate limiting enabled in production environments** to prevent abuse.

To disable rate limiting, set the following environment variable:

```bash
RATE_LIMITING_DISABLED=1
```

After making this change, restart your server to apply the new setting.