OWASP API4 2023 Rate Limit Retry After

Define proper rate limiting so that attackers cannot overload the API. Part of that involves returning a Retry-After header on 429 responses, so that well-meaning consumers stop polling instead of making the overload worse.

Tags: OWASP, Security, Rate Limiting, OpenAPI

Rule Definition

owasp-api4-2023-rate-limit-retry-after-error.yaml
{
  "owasp-api4-2023-rate-limit-retry-after-error": {
    "description": "Define proper rate limiting to avoid attackers overloading the API. Part of that involves setting a Retry-After header so well-meaning consumers are not polling and potentially exacerbating problems.",
    "message": "A 429 response should define a Retry-After header.",
    "given": "$..responses[429].headers",
    "severity": "error",
    "then": {
      "field": "Retry-After",
      "function": "truthy"
    }
  }
}
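To show what the rule actually matches, here is an added stand-alone Python checker that mirrors its logic (the `$..responses[429].headers` path plus the `truthy` check on `Retry-After`). It is not Spectral's implementation and the OpenAPI document it runs over is constructed for the example; note that, like the rule, it only inspects 429 responses that already declare a `headers` object.

```python
"""Approximation of the owasp-api4-2023-rate-limit-retry-after-error rule.

Mirrors Spectral's `given` path `$..responses[429].headers` and the `truthy`
check on the `Retry-After` field. A 429 response with no `headers` object at
all is not matched by the `given` path, so this rule does not flag it either.
"""
from typing import Any, Iterator


def find_429_headers(node: Any, path: str = "$") -> Iterator[tuple[str, dict]]:
    """Emulate `$..responses[429].headers`: yield (json_path, headers) for every
    429 response anywhere in the document that has a headers object."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "responses" and isinstance(value, dict):
                resp = value.get("429") or value.get(429)  # key may be str or int
                if isinstance(resp, dict) and isinstance(resp.get("headers"), dict):
                    yield f"{path}.responses[429].headers", resp["headers"]
            yield from find_429_headers(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_429_headers(item, f"{path}[{i}]")


def lint_retry_after(spec: dict) -> list[str]:
    """Return one finding per violating location; an empty list means the rule passes."""
    findings = []
    for path, headers in find_429_headers(spec):
        # Spectral's `truthy` fails on missing, null, false, 0 and "" (an empty
        # object is truthy in JS, so it passes). Field name is matched exactly.
        if headers.get("Retry-After") in (None, False, 0, ""):
            findings.append(f"{path}: A 429 response should define a Retry-After header.")
    return findings


# Constructed sample: /orders declares Retry-After on its 429, /users does not.
SAMPLE_SPEC = {
    "openapi": "3.1.0",
    "paths": {
        "/orders": {"get": {"responses": {"429": {
            "description": "Too Many Requests",
            "headers": {"Retry-After": {"description": "Seconds to wait before retrying",
                                        "schema": {"type": "integer"}}}}}}},
        "/users": {"get": {"responses": {"429": {
            "description": "Too Many Requests",
            "headers": {"X-RateLimit-Limit": {"schema": {"type": "integer"}}}}}}},
    },
}

if __name__ == "__main__":
    for finding in lint_retry_after(SAMPLE_SPEC):
        print("error:", finding)
```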
