Magidoc

Rate limit

Rate limiting is a common technique used to improve the security of an API. It defines the maximum number of requests a server will accept from a client in a given period. These limits are crucial for protecting the API from abuse, ensuring fair usage, and preventing application-level denial-of-service attacks.

For the EAC GraphQL API, we set the limit to 60 requests per second per client IP address. In addition, a buffer of 300 requests is used to absorb peaks of requests and delay their execution so that it stays within the defined limit.

If a request is rate limited, EAC will reject it with a 429 return code. The client should wait before attempting the request again.
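The following Python model is an added example, not EAC's code. It shows how a limit of 60 requests per second with a buffer of 300 treats a burst versus steady traffic from one client IP. The queueing model (requests drained in order at the configured rate, rejected once more than 300 are waiting), the function names and the sample inputs are assumptions.

```python
from fractions import Fraction

RATE = 60      # requests per second per client IP (from the page)
BUFFER = 300   # requests that may wait above the rate (from the page)

def simulate(arrivals, rate=RATE, buffer=BUFFER):
    """Return [(status, delay_seconds)] for sorted arrival times of one client IP.

    Assumed model: one request may start every 1/rate seconds; a request that
    would have more than `buffer` requests' worth of backlog ahead gets 429.
    """
    interval = Fraction(1, rate)
    next_free = Fraction(0)              # earliest time the next request may run
    results = []
    for t in arrivals:
        t = Fraction(t)
        start = max(t, next_free)
        backlog = (start - t) / interval # waiting time expressed in requests
        if backlog > buffer:
            results.append((429, None))  # rejected; it does not take a slot
            continue
        results.append((200, start - t)) # accepted, possibly after a delay
        next_free = start + interval
    return results

def summarize(results):
    """Count accepted, delayed and rejected requests and the worst delay."""
    delays = [d for status, d in results if status == 200]
    return {
        "accepted": len(delays),
        "delayed": sum(1 for d in delays if d > 0),
        "rejected": sum(1 for status, _ in results if status == 429),
        "max_delay_s": float(max(delays)) if delays else 0.0,
    }

# Constructed input: 400 requests arriving at the same instant.
BURST = summarize(simulate([0] * 400))
# Constructed input: a steady 60 requests per second for 2 seconds.
STEADY = summarize(simulate([Fraction(i, 60) for i in range(120)]))

if __name__ == "__main__":
    print("burst :", BURST)
    print("steady:", STEADY)
```

Under this model a 429 means about 5 seconds of work is already queued for that IP, so a client that retries immediately will be rejected again.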