Authorization-related WAF rules now documented

We’ve updated our Rate Limiting article to include details on authorization-related WAF rules.

These infrastructure-level protections are triggered by repeated failed authentication or permission requests (e.g., HTTP 401 or 403) and are enforced by our Web Application Firewall (WAF). While separate from standard rate limits, they can affect integrations if not handled properly.

The article outlines what triggers a block, how long it lasts, and best practices to avoid it, helping developers build more resilient and compliant integrations.

To learn more, see Authorization-based blocking (WAF limits).

📘

Want to stay updated?
Subscribe to our changelog RSS feed to get notified when we update our documentation or release new features.