Friendship Tracker
Rate limits
How Friendship Tracker throttles incoming traffic.
Friendship Tracker applies two layers of token-bucket throttling. Per-IP buckets protect the deployment from abusive clients; per-token buckets (PATs only) protect against a single token replayed from many IPs. On exhaustion, responses return 429 with a Retry-After header in seconds.
Limits
| Authenticated reads (per IP) | 600 / min |
| Authenticated writes (per IP) | 180 / min |
| 1200 / min |
Behaviour under load
On exhaustion every endpoint replies with 429 Too Many Requests and a Retry-After header in seconds. The frontend client honours it automatically: follow-up calls within that window are short-circuited locally with a synthetic 429 so a queue can't compound the server-side ban.