Skip to main content
Modelence includes built-in rate limiting on all authentication endpoints to protect against brute force attacks and abuse.

Default Rate Limits

  • Signup: 20 attempts per 15 minutes, 200 per day (per IP)
  • Login: 50 attempts per 15 minutes, 500 per day (per IP)
  • Email Verification: 1 per 60 seconds, 10 per day (per user)
These limits are automatically enforced and will throw a RateLimitError when exceeded.

Handling Rate Limit Errors

import { loginWithPassword } from 'modelence/client';
import { RateLimitError } from 'modelence';

async function handleLogin(email: string, password: string) {
  try {
    await loginWithPassword({ email, password });
  } catch (error) {
    if (error instanceof RateLimitError) {
      console.error('Too many attempts. Please try again later.');
    } else {
      console.error('Login failed:', error.message);
    }
  }
}

Disposable Email Detection

Aside from rate limiting, Modelence also includes automatic protection against 100k+ disposable email services, and keeps a periodically updated dataset of all disposable email providers.
For defining custom rate limits on your own modules, see Rate Limiting.