Rate Limits

Last updated: 2026-07-06

Rate Limits

HaMi Code Việt applies rate limits to protect the system from abuse. Limits are enforced via Cloudflare Durable Objects, ensuring global consistency.

Limit Table

EndpointLimit
Login10 / 10 min / IP, 5 / 15 min / email
Signup5 / hour / IP, 3 / hour / email
Forgot password3 / hour / IP, 3 / hour / email
Resend verification3 / hour / account
OAuth Google30 / 10 min / IP
Guardian declare5 / day / IP, 3 / day / learner
Guardian action10 / hour / account
Consent grant20 / hour / account
Payment checkout10 / 10 min / account
Payment capture10 / 10 min / account
Admin write60 / min / account
Contact form5 / hour / IP
AI message30 / min / account
AI conversation create10 / hour / account
GDPR deletion3 / hour / account
Refund request5 / hour / account
Content create20 / hour / account
Code submit (CodeLab)30 / min / account
General API100 / min / IP

Response Headers

When Rate Limited

When you exceed the limit, the API returns HTTP 429 with body:

{
  "error": "rate_limited",
  "message": "Too many requests.",
  "retryAfter": 60
}

Wait retryAfter seconds before retrying.