OWASP API4 2023 Rate Limit

Define proper rate limiting to avoid attackers overloading the API. There are many ways to implement rate-limiting, but most of them involve using HTTP headers. All 2XX and 4XX responses should define rate limiting headers.

Tags: OWASP, Security, Rate Limiting, OpenAPI

Rule Definition

owasp-api4-2023-rate-limit-error.yaml
{
  "owasp-api4-2023-rate-limit-error": {
    "description": "Define proper rate limiting to avoid attackers overloading the API. There are many ways to implement rate-limiting, but most of them involve using HTTP headers. All 2XX and 4XX responses should define rate limiting headers.",
    "message": "All 2XX and 4XX responses should define rate limiting headers.",
    "given": "$.paths[*]..responses[?(@property.match(/^(2|4)/))]",
    "severity": "error",
    "then": {
      "field": "headers",
      "function": "truthy"
    }
  }
}
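To make the rule's matching logic concrete, here is an added example (not part of this page or of the linter that ships the rule): a small Python re-implementation of the check run over a constructed OpenAPI document. It mirrors the `given` expression (recursive descent to every `responses` object under each path item, keeping only status codes that begin with 2 or 4) and the `then` clause (the `headers` field must be present). The sample spec, the function name `find_rate_limit_violations` and the helper `_walk` are assumptions made for this illustration. Note what the rule does and does not verify: any non-empty `headers` map satisfies it, so it catches responses that document no headers at all, but it cannot confirm that the documented headers are actually rate-limiting headers; this example keeps that behaviour and additionally treats an empty `headers` map as a violation.

```python
"""Added example (not part of the rule page): a minimal re-implementation of the
owasp-api4-2023-rate-limit-error check over an in-memory OpenAPI document, so
the rule's matching logic is visible without running a linter. The sample spec
below is constructed for illustration only."""
import re

# Same pattern as the rule's JSONPath filter: status codes beginning with 2 or 4.
_CODE_RE = re.compile(r"^(2|4)")

# Constructed sample: the GET success response documents rate-limit headers,
# but its 404 response has no headers at all. The 500 response is out of scope.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "demo", "version": "1"},
    "paths": {
        "/items": {
            "get": {
                "responses": {
                    "200": {
                        "description": "ok",
                        "headers": {
                            "X-RateLimit-Limit": {"schema": {"type": "integer"}},
                            "X-RateLimit-Remaining": {"schema": {"type": "integer"}},
                            "X-RateLimit-Reset": {"schema": {"type": "integer"}},
                        },
                    },
                    "404": {"description": "not found"},
                    "500": {"description": "server error"},
                }
            }
        }
    },
}


def _walk(node, path):
    """Yield (path_segments, value) for every 'responses' object at or below
    node, mirroring the recursive descent ('..responses') in the rule's 'given'."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = path + [key]
            if key == "responses" and isinstance(value, dict):
                yield child, value
            yield from _walk(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, path + [str(i)])


def find_rate_limit_violations(spec):
    """Return the locations (as tuples of path segments) of 2XX/4XX responses
    that lack a 'headers' object.

    This reproduces the rule's 'then' clause: the 'headers' field must be
    truthy. It does not verify that the headers are rate-limiting headers; a
    response with any non-empty 'headers' map passes, just as with the rule.
    An empty 'headers' map is flagged here as well (a slight tightening)."""
    violations = []
    for path_name, path_item in spec.get("paths", {}).items():
        for resp_path, responses in _walk(path_item, ["paths", path_name]):
            for code, response in responses.items():
                if not _CODE_RE.match(str(code)):
                    continue  # 1XX, 3XX and 5XX are outside the rule's scope
                if not isinstance(response, dict) or not response.get("headers"):
                    violations.append(tuple(resp_path + [str(code)]))
    return violations


if __name__ == "__main__":
    for location in find_rate_limit_violations(SAMPLE_SPEC):
        print("rate-limit headers missing at", "/".join(location))
```

Running the block reports the 404 response of GET /items as the only violation; the 200 response passes because it documents headers, and the 500 response is never inspected because the rule only targets 2XX and 4XX codes.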
