About CORS bypass, APIs, and rate limiting

ColinL · December 3, 2024, 4:29pm

Hello everyone in this great community!

I use the REST API plugin by setting the CORS bypass to true to call endpoints that have no authentication but rate limiting. If I don’t do this, I get a CORS related error.

I imagine that the endpoint server controls the rate limiting from the IP of the calls. Is this how it works?

So, when I go through the Weweb server with the CORS bypass setting, do all my users’ calls to the endpoint have the same IP address? At the risk of reaching rate limitation too quickly?

Or does each user have their own rate limitation for calls to that same endpoint?

I’m not sure I have a good handle on what I’m doing!

Broberto · December 3, 2024, 7:23pm

I think it’s the IP of that server. You should route it through your own backend, or just set up the CORS properly. Rate limits usually apply to credentials, not so often to IP addresses.

Topic		Replies	Views
Is there any way to go around cors? Ask us anything	17	135	September 11, 2024
Avoid CORS errors and send credentials Ask us anything authentication	9	629	August 14, 2023
Fetch User for Token Based Authentication does not work for server side APIs How do I?	6	752	September 21, 2022
IP that the rest api plugin uses to make requests Ask us anything	0	77	February 18, 2024
Rest API call self hosting error Ask us anything	6	63	September 19, 2024

About CORS bypass, APIs, and rate limiting

Related topics