Background

Using Cipher EIAM, you can programmatically create rate limits for your existing Identities.

Prerequisite

Before you get started, make sure you have the following:

  1. A tenant created in Cipher
  2. A domain
  3. Access to the Authentication Center
  4. A client created in the Authentication Center
  5. The Auth Token for the API

Configuring the Identity Rate Limits

The developer can put a cap on how often someone can repeat an “Identity” within a certain timeframe, for instance, how often they can try to log in using the phone number Identity. Rate limiting can help stop certain kinds of malicious bot activity. It can also reduce strain on web servers. The following curl request is what the developer needs to send to configure the “Identity Rate Limits” for their domain:

curl --location --request POST 'https://api.preprod.zeta.in/cerberus2/domains/<DomainName>/config/identities/[phoneNumber/email]/attributes' \
--header 'Authorization: Bearer <Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "attributes": [
        {
            "name": "RATE_LIMIT_ENABLED",
            "value": "true"
        },
        {
            "name": "RATE_LIMIT_COUNT",
            "value": "2"
        },
        {
            "name": "RATE_LIMIT_INTERVAL_SECONDS",
            "value": "600"
        },
        {
            "name": "RATE_LIMIT_WHITELIST",
            "value": ""
        }
    ],
    "headers": {}
}'

In the above example, RATE_LIMIT_ENABLED is set to “true”, RATE_LIMIT_COUNT to 2 and RATE_LIMIT_INTERVAL_SECONDS to 600, i.e. the employee will not be allowed once the employee crosses 2 attempts in the time interval of 600 seconds. If the employee crosses the limit, the employee will be shown an error message: “Rate Limit Exceeded. Please try again after XX hours”.
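A local model of what these four attributes express, added here as an example and not Cipher's own code. It assumes a sliding window in which blocked attempts are not counted and a comma-separated RATE_LIMIT_WHITELIST, neither of which this page specifies; the class, function names and phone numbers are constructed for illustration.

```python
from collections import defaultdict, deque

# Attribute names and values as in the curl request above; every value is a string.
ATTRIBUTES = [
    {"name": "RATE_LIMIT_ENABLED", "value": "true"},
    {"name": "RATE_LIMIT_COUNT", "value": "2"},
    {"name": "RATE_LIMIT_INTERVAL_SECONDS", "value": "600"},
    {"name": "RATE_LIMIT_WHITELIST", "value": ""},
]

class IdentityRateLimiter:
    """Hypothetical local model; the server-side algorithm is an assumption."""
    def __init__(self, attributes):
        cfg = {a["name"]: a["value"] for a in attributes}
        self.enabled = cfg.get("RATE_LIMIT_ENABLED", "false").lower() == "true"
        self.count = int(cfg.get("RATE_LIMIT_COUNT", "0"))
        self.interval = int(cfg.get("RATE_LIMIT_INTERVAL_SECONDS", "0"))
        if self.enabled and (self.count < 1 or self.interval < 1):
            raise ValueError("count and interval must be positive when enabled")
        # Assumption: the whitelist is a comma-separated list of identity values.
        raw = cfg.get("RATE_LIMIT_WHITELIST", "")
        self.whitelist = {v.strip() for v in raw.split(",") if v.strip()}
        self.attempts = defaultdict(deque)  # identity value -> allowed attempt times

    def allow(self, identity, now):
        """Return True if an attempt for `identity` at time `now` (seconds) is allowed."""
        if not self.enabled or identity in self.whitelist:
            return True
        window = self.attempts[identity]
        # Drop attempts that have aged out of the interval.
        while window and now - window[0] >= self.interval:
            window.popleft()
        if len(window) >= self.count:
            return False  # the point where "Rate Limit Exceeded" would be shown
        window.append(now)
        return True

def simulate(attributes, events):
    """Run constructed (identity, timestamp) events through the limiter."""
    limiter = IdentityRateLimiter(attributes)
    return [limiter.allow(identity, ts) for identity, ts in events]

# Constructed sample: three attempts inside 600 s, another identity, one after the window.
EVENTS = [("+10000000001", 0), ("+10000000001", 30), ("+10000000001", 60),
          ("+10000000002", 61), ("+10000000001", 601)]

if __name__ == "__main__":
    print(simulate(ATTRIBUTES, EVENTS))
```

Limits are tracked per identity value, so the second phone number is unaffected by the first one being blocked.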