OWASP API Security Top 10 2019 Checklist

lack-of-resources-and-rate-limiting-too-many-requests



Guidance

Notify the client when the rate limit is exceeded by providing the limit number and the time when the limit will be reset. Also, define an appropriate '429' status code response.

Message

Operation '{{apiContract.method}}' has a 200 response but does not have an accompanying 429 (Too Many Requests) response.

Examples

valid

/events:
  get:
    responses:
      200:
        body:
          application/json:
            type: string
            example: Hello!
      429:
        description: Rate Limit!
        body:
          application/json:
            type: string
            example: wait 10 seconds!

invalid

/events:
  get:
    responses:
      200:
        body:
          application/json:
            type: string
            example: Hello!
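As an added illustration (not MuleSoft's ruleset implementation), the following Python applies this page's rule to a RAML-style resource tree represented as nested dicts, and builds the 429 response the Guidance asks for. The two sample specs are constructed to mirror the valid and invalid examples above; the X-RateLimit-* header names are an assumption, while Retry-After is the standard HTTP header.

```python
# Added example, not MuleSoft's ruleset code: applies this page's rule to a
# RAML-style resource tree (nested dicts) and builds the 429 the Guidance asks for.
MESSAGE = ("Operation '{method}' has a 200 response but does not have an "
           "accompanying 429 (Too Many Requests) response.")
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}


def find_missing_429(resources, path=""):
    """Return (resource_path, message) for each operation that violates the rule.
    `resources` mirrors RAML: {"/events": {"get": {"responses": {200: {...}}}}};
    keys starting with '/' are nested resources and are descended into."""
    findings = []
    for key, node in resources.items():
        if not isinstance(node, dict):
            continue
        if key.startswith("/"):
            findings.extend(find_missing_429(node, path + key))
        elif key.lower() in HTTP_METHODS:
            # YAML parses `200:` as an int, so normalise codes to strings.
            codes = {str(code) for code in node.get("responses", {})}
            if "200" in codes and "429" not in codes:
                findings.append((path, MESSAGE.format(method=key)))
    return findings


def rate_limit_response(limit, reset_at, now):
    """Build the 429 the Guidance describes: the limit and the time it resets.
    Retry-After is the standard header; the X-RateLimit-* names are assumed."""
    wait = max(0, reset_at - now)
    return {
        "status": 429,
        "headers": {
            "Retry-After": str(wait),            # seconds until a retry can succeed
            "X-RateLimit-Limit": str(limit),     # assumed header name
            "X-RateLimit-Reset": str(reset_at),  # assumed header name, epoch seconds
        },
        "body": {"message": f"Rate limit of {limit} exceeded; wait {wait} seconds."},
    }


# Constructed inputs mirroring the page's valid and invalid RAML examples.
VALID_SPEC = {"/events": {"get": {"responses": {
    200: {"body": {"application/json": {"type": "string", "example": "Hello!"}}},
    429: {"description": "Rate Limit!",
          "body": {"application/json": {"type": "string", "example": "wait 10 seconds!"}}}}}}}
INVALID_SPEC = {"/events": {"get": {"responses": {
    200: {"body": {"application/json": {"type": "string", "example": "Hello!"}}}}}}}
```

Running `find_missing_429(INVALID_SPEC)` yields the page's Message with `get` filled in for `/events`, while the valid spec yields nothing.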

Applies to: Operation

Constraint

Type: Declarative Validation
Type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset versions for 2.1.x: 2.1.0