Rate limits

Rate limiting is applied to all truAPI (https://truapi-dev.truconsent.io) endpoints to protect the platform from abuse.

| Parameter | Default | Override (env var) |
| --- | --- | --- |
| Max requests per window | 500 | RATE_LIMIT_EXT_REQUESTS |
| Window size | 60 seconds | RATE_LIMIT_EXT_WINDOW_SEC |

The rate limiter uses a per-IP + per-org sliding window. The key is {client-ip}:{X-Org-Id}.

Every response from a rate-limited endpoint includes these headers:

X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Window: 60

When the limit is exceeded:

HTTP/1.1 429 Too Many Requests
Retry-After: 12
X-RateLimit-Limit: 500
X-RateLimit-Window: 60

Wait the number of seconds in Retry-After before retrying.

The rate limiter reads the real client IP from X-Forwarded-For when present (set by your CDN or load balancer). If absent, it falls back to the direct connection IP.
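The following sketch models the behaviour described above: the {client-ip}:{X-Org-Id} key, the sliding window, and the response headers. It is an added example, not truAPI's own code. The class name, the sliding-window-log approach, the choice of the first X-Forwarded-For entry, and the sample IPs and org IDs are assumptions.

```python
import math
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Sliding-window log: one timestamp per accepted request, per key."""

    def __init__(self, limit=500, window=60):  # the documented defaults
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    @staticmethod
    def key(conn_ip, headers):
        # Assumption: X-Forwarded-For was written by your own CDN or load
        # balancer and its first entry is the client; otherwise use the socket IP.
        xff = headers.get("X-Forwarded-For", "")
        client_ip = xff.split(",")[0].strip() or conn_ip
        return f"{client_ip}:{headers.get('X-Org-Id', '')}"

    def check(self, conn_ip, headers, now):
        """Return (status, response_headers) for a request arriving at `now`."""
        q = self.hits[self.key(conn_ip, headers)]
        while q and q[0] <= now - self.window:  # drop hits that left the window
            q.popleft()
        out = {"X-RateLimit-Limit": str(self.limit),
               "X-RateLimit-Window": str(self.window)}
        if len(q) >= self.limit:
            # The oldest hit leaves the window at q[0] + window.
            out["Retry-After"] = str(max(1, math.ceil(q[0] + self.window - now)))
            return 429, out
        q.append(now)
        out["X-RateLimit-Remaining"] = str(self.limit - len(q))
        return 200, out

if __name__ == "__main__":
    # Constructed sample traffic; limit lowered to 3 so the 429 is easy to see.
    rl = SlidingWindowLimiter(limit=3, window=60)
    org_a = {"X-Org-Id": "org-a"}
    for t in (0, 10, 20, 48, 60):
        print(t, rl.check("203.0.113.7", org_a, now=t))
    # Same IP, different org: a separate key with its own budget.
    print(48, rl.check("203.0.113.7", {"X-Org-Id": "org-b"}, now=48))
```

Because the key combines both values, two organizations behind one egress IP do not share a budget, and one organization calling from two IPs gets a separate window for each.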

Contact support from the platform dashboard with your X-Org-Id and a description of your use case.