Rate Limits
Last updated: 2026-07-06
Rate Limits
HaMi Code Việt applies rate limits to protect the system from abuse. Limits are enforced via Cloudflare Durable Objects, ensuring global consistency.
Limit Table
| Endpoint | Limit |
|---|---|
| Login | 10 / 10 min / IP, 5 / 15 min / email |
| Signup | 5 / hour / IP, 3 / hour / email |
| Forgot password | 3 / hour / IP, 3 / hour / email |
| Resend verification | 3 / hour / account |
| OAuth Google | 30 / 10 min / IP |
| Guardian declare | 5 / day / IP, 3 / day / learner |
| Guardian action | 10 / hour / account |
| Consent grant | 20 / hour / account |
| Payment checkout | 10 / 10 min / account |
| Payment capture | 10 / 10 min / account |
| Admin write | 60 / min / account |
| Contact form | 5 / hour / IP |
| AI message | 30 / min / account |
| AI conversation create | 10 / hour / account |
| GDPR deletion | 3 / hour / account |
| Refund request | 5 / hour / account |
| Content create | 20 / hour / account |
| Code submit (CodeLab) | 30 / min / account |
| General API | 100 / min / IP |
Response Headers
X-RateLimit-Limit— Maximum limitX-RateLimit-Remaining— Remaining requestsX-RateLimit-Reset— Reset time (Unix timestamp)
When Rate Limited
When you exceed the limit, the API returns HTTP 429 with body:
{
"error": "rate_limited",
"message": "Too many requests.",
"retryAfter": 60
}Wait retryAfter seconds before retrying.