Acceptable Use Policy
The purpose of this policy is to outline the acceptable use of the LoginRadius Identity Platform. These rules are in place to protect the user and the LoginRadius Identity Platform. Inappropriate use exposes user accounts to risks affecting performance, security, and platform availability.
If you exceed the rate limits for a set of API calls, you will receive the error message "Too many requests" with HTTP status 429 on any subsequent API calls to that endpoint. For more information about HTTP codes, refer to the customer identity API codes document.
If your app exceeds the API rate limits, you should refrain from making further requests to the endpoint until the rate limit threshold resets.
Customer Identity API Rate Limits
The following default API rate limits apply to the Customer Identity APIs, for customers on the Enterprise CIAM platform only.
Production Environment:
Acceptable Usage
Type | Description | Up to 10M | >10M |
---|---|---|---|
Platform | # of production apps | 10 | 50 |
Platform | # of test apps | 20 | 50 |
Platform | # of API Secrets per account | 5 | 15 |
Identity | # Core API Requests per second | 50 | 100 |
Identity | # of searches per second | 10 | 50 |
Note: LoginRadius supports additional API requests per second (RPS) scaling requirements. If you require additional API RPS scaling, please reach out to your account manager or create a support ticket.
Development/Staging Environment:
Type | Description | Up to 10K |
---|---|---|
Platform | # of test apps | 30 |
Platform | # of app keys per account | 30 |
Identity | # Core API Requests | 5 |
Identity | # of searches per second | 5 |
Profile | # of profile records | 10,000 |
Load, Stress and Performance Testing
Any testing of the LoginRadius platform must be coordinated through your dedicated account manager or the LoginRadius support team.
Failure to coordinate testing with the appropriate LoginRadius team will activate built-in security mechanisms that may restrict your access to the platform.
Security Testing and Network Penetration
LoginRadius regularly performs system security tests as part of our commitment to protect your customer data. LoginRadius does not authorize anyone to perform security tests or network penetration without prior explicit consent. If you would like to review our system reports or obtain more details on LoginRadius security testing or the network penetration process, contact your dedicated Customer Success Manager, who can facilitate your request.
Infrastructure Standards
Web Application Firewall (WAF)
LoginRadius APIs are protected by a robust web application firewall to protect data and applications. We follow the OWASP Top 10 rules in our system's WAF.
Refer to the link for more details: https://owasp.org/www-project-top-ten/
HTTP Standards
We strictly adhere to HTTP standards to ensure maintainability and consistency. For example, if an HTTP method name is passed in lowercase, the system will reject the request.
Refer to the following link for more details: https://tools.ietf.org/html/rfc2616
Always HTTPS
Our system requires all LoginRadius API calls to be made over SSL, as HTTP without SSL is not supported.
No support of TLS 1.0 and 1.1
Our system does not support legacy versions of TLS and ensures that all requests are made via TLS 1.2 or greater.
Server Name Indication (SNI) SSL
Our system only supports SNI SSL and all of our servers are configured using SNI only.
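An added example, not LoginRadius code: a client-side wrapper that applies the rules above (HTTPS only, uppercase method name, TLS 1.2 floor) and stops calling an endpoint after a 429 until a wait has elapsed. The `send` transport hook, the example URL, and honouring a `Retry-After` header are assumptions; the page does not say how the reset time is signalled.

```python
import ssl
import time
from urllib.parse import urlsplit

def tls_context():
    """Client context that refuses TLS 1.0/1.1, matching the platform's floor."""
    ctx = ssl.create_default_context()  # cert and hostname checks stay on; SNI is sent with server_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def preflight(method, url):
    """Fail before any bytes leave the host if the URL is not https; uppercase the method."""
    if urlsplit(url).scheme != "https":
        raise ValueError("API calls must use https: %r" % url)
    return method.upper(), url

def call_with_backoff(send, method, url, max_attempts=5, base_delay=1.0, sleep=time.sleep):
    """send(method, url) -> (status, headers, body) is a hypothetical transport hook.
    On 429, make no further request to the endpoint until the wait has passed."""
    method, url = preflight(method, url)
    for attempt in range(max_attempts):
        status, headers, body = send(method, url)
        if status != 429:
            return status, body
        # Assumption: use Retry-After (seconds) when present, else exponential backoff.
        retry_after = headers.get("Retry-After", "")
        delay = float(retry_after) if retry_after.isdigit() else base_delay * 2 ** attempt
        if attempt < max_attempts - 1:
            sleep(delay)
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)

# Constructed demo: a fake transport that answers 429 twice, then 200.
def demo():
    replies = [(429, {}, ""), (429, {"Retry-After": "3"}, ""), (200, {}, "ok")]
    waits, seen = [], []
    def fake_send(method, url):
        seen.append(method)
        return replies.pop(0)
    result = call_with_backoff(fake_send, "get", "https://api.example.invalid/v1", sleep=waits.append)
    return result, waits, seen

if __name__ == "__main__":
    print(demo())
```

Pass `tls_context()` to the HTTPS client used inside `send` so that a downgrade to TLS 1.0 or 1.1 fails at the handshake on the client side as well.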