
Acceptable Use Policy

The purpose of this policy is to outline the acceptable use of the LoginRadius Identity Platform. These rules are in place to protect the user and the LoginRadius Identity Platform. Inappropriate use exposes risks to user accounts, including performance, security, and platform availability.

If you exceed the rate limits for a set of API calls, you will receive the error message "Too many requests" with HTTP status 429 on any subsequent API calls to this endpoint. For more information about HTTP codes, refer to the customer identity API codes document.

If your app exceeds the API rate limits, you should refrain from making further requests to the endpoint until the rate limit threshold resets.

Customer Identity API Rate Limits

The following default API rate limits apply to the Customer Identity APIs for customers on the Enterprise CIAM platform only.

Production Environment:

Acceptable Usage

| Type | Description | Up to 10M | >10M |
|---|---|---|---|
| Platform | # of production apps | 10 | 50 |
| Platform | # of test apps | 20 | 50 |
| Platform | # of API Secrets per account | 5 | 15 |
| Identity | # Core API Requests per second | 50 | 100 |
| Identity | # of searches per second | 10 | 50 |

Note: LoginRadius supports additional API requests per second (RPS) scaling requirements. If you require additional API RPS scaling, please reach out to your account manager or create a support ticket.
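
The throttling behaviour described above (stay under the per-second limit, and stop sending after a 429 until the limit resets), as an added example that is not LoginRadius code: a client-side token bucket sized to the 50 and 10 requests-per-second figures in the table. ClientThrottle and its methods are hypothetical names, and the retry_after hint and the 1-second default pause are assumptions, since this policy does not say how the reset time is signalled.

```python
import time

class ClientThrottle:
    """Token bucket capping outgoing calls at `rps`, with a pause after HTTP 429."""

    def __init__(self, rps, clock=time.monotonic, sleep=time.sleep):
        self.rps = rps
        self.clock, self.sleep = clock, sleep   # injectable for offline testing
        self.tokens = float(rps)                # one second's allowance up front
        self.last = clock()
        self.blocked_until = 0.0                # set when the server answers 429

    def _refill(self, now):
        self.tokens = min(self.rps, self.tokens + (now - self.last) * self.rps)
        self.last = now

    def acquire(self):
        """Block until one request may be sent; return the seconds waited."""
        waited = 0.0
        while True:
            now = self.clock()
            if now < self.blocked_until:
                delay = self.blocked_until - now     # still inside a 429 pause
            else:
                self._refill(now)
                if self.tokens >= 1:
                    self.tokens -= 1
                    return waited
                # Floor the wait so float rounding cannot cause a busy spin.
                delay = max((1 - self.tokens) / self.rps, 0.001)
            self.sleep(delay)
            waited += delay

    def on_response(self, status, retry_after=None, default_pause=1.0):
        """Feed back each response status; a 429 halts sending for the pause."""
        if status != 429:
            return 0.0
        # ASSUMPTION: retry_after is a delay in seconds if the caller has one;
        # the policy does not say how the reset is signalled, so fall back to 1 s.
        pause = float(retry_after) if retry_after else default_pause
        self.blocked_until = self.clock() + pause
        self.tokens, self.last = 0.0, self.blocked_until  # resume with an empty bucket
        return pause

if __name__ == "__main__":
    core = ClientThrottle(50)      # Core API limit, "Up to 10M" tier
    search = ClientThrottle(10)    # search limit, same tier
    waits = [core.acquire() for _ in range(60)]
    print(f"60 core calls, total wait {sum(waits):.2f}s")
```

Call acquire() before each request and on_response() with the status of each reply; use one throttle per limit (core calls and searches are counted separately in the table).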

Development/Staging Environment:

| Type | Description | Up to 10K |
|---|---|---|
| Platform | # of test apps | 30 |
| Platform | # of app keys per account | 30 |
| Identity | # Core API Requests | 5 |
| Identity | # of searches per second | 5 |
| Profile | # of profile records | 10,000 |

Load, Stress and Performance Testing

Any testing of the LoginRadius platform must be coordinated through the dedicated Account manager or the LoginRadius support team.

Failure to coordinate testing with the appropriate LoginRadius team will activate built-in security mechanisms that may restrict your access to the platform.

Security Testing and Network Penetration

LoginRadius regularly performs system security tests as part of our commitment to protect your customer data. LoginRadius does not authorize anyone to perform security tests or network penetration without prior explicit consent. If you would like to review our system reports or obtain more details on LoginRadius security testing or the network penetration process, contact your dedicated Customer Success Manager, who can facilitate your request.

Infrastructure Standards

Web Application Firewall (WAF)

LoginRadius APIs are protected by a robust web application firewall to protect data and applications. We follow the OWASP Top 10 rules in our system's WAF.

Refer to the link for more details: https://owasp.org/www-project-top-ten/

HTTP Standards

We strictly adhere to HTTP standards to ensure maintainability and consistency. For example, if an HTTP method name is passed in lowercase, the system will reject the request.

Refer to the following link for more details: https://tools.ietf.org/html/rfc2616

Always HTTPS

Our system requires all LoginRadius API calls to be made over SSL, as HTTP without SSL is not supported.

No support for TLS 1.0 and 1.1

Our system does not support legacy versions of TLS and ensures that all requests are made via TLS 1.2 or greater.

Server Name Indication (SNI) SSL

Our system only supports SNI SSL and all of our servers are configured using SNI only.