Ratelimit

Protecting Endpoints

All public-facing endpoints of the Kart plugin are protected by a rate limit, with a default of 60 / minute. After 60 requests, any further requests are blocked with an HTTP 429 status code until one hour has passed.

The stored data is an encrypted version of the visitor's IP address.

Here is an example of how you could use the rate limit in your own custom endpoint.

site/config/config.php
<?php

use \Bnomei\Kart\Router;

return [
    'routes' => [
        [
            'pattern' => 'my/endpoint',
            'method' => 'POST',
            'action' => function () {
                if ($r = Router::denied()) { // blacklist, csrf, ratelimit
                    return $r;
                }

                // DO STUFF

                // then redirect
                Router::go();
            },
        ],
    ],
    // other options
];
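
To make the behaviour described at the top of this page concrete (a request counter per visitor, a 429 once the limit is exceeded, and a stored key derived from the IP address), here is an added sketch that is not Kart's own code. The class name, the HMAC-SHA256 key derivation, the in-memory store and the limit and window values are all assumptions made for illustration.

```php
<?php

declare(strict_types=1);

// Added illustration, not Kart's implementation: a fixed-window limiter
// whose storage key is a keyed hash of the visitor's IP address.
final class FixedWindowLimiter
{
    /** @var array<string, array{count: int, resetAt: int}> */
    private array $store = []; // in-memory stand-in for a cache or database

    public function __construct(
        private string $secret,      // server-side key: an unkeyed hash of an IPv4 address is trivially enumerable
        private int $limit,          // allowed requests per window
        private int $windowSeconds,  // length of the window
    ) {
    }

    /** @return array{status: int, retryAfter: int} */
    public function hit(string $ip, int $now): array
    {
        // Only the derived key is stored, never the raw IP.
        $key = hash_hmac('sha256', $ip, $this->secret);
        $entry = $this->store[$key] ?? null;

        // Start a fresh window on first contact or once the old one has expired.
        if ($entry === null || $now >= $entry['resetAt']) {
            $entry = ['count' => 0, 'resetAt' => $now + $this->windowSeconds];
        }

        $entry['count']++;
        $this->store[$key] = $entry;

        if ($entry['count'] > $this->limit) {
            // Blocked until the window ends; the caller would send this as Retry-After.
            return ['status' => 429, 'retryAfter' => $entry['resetAt'] - $now];
        }

        return ['status' => 200, 'retryAfter' => 0];
    }
}

// Constructed sample run: limit of 3 per 60 seconds, documentation-range IP.
$limiter = new FixedWindowLimiter('constructed-secret', 3, 60);
$start = 1_700_000_000;
foreach ([0, 1, 2, 3, 30, 60] as $offset) {
    $r = $limiter->hit('203.0.113.7', $start + $offset);
    printf("t+%02ds -> %d (retry after %ds)\n", $offset, $r['status'], $r['retryAfter']);
}
```

The clock is passed in as `$now` so the window expiry can be exercised without waiting; in a real route it would be `time()`.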
Kirby Kart is not affiliated with the developers of Kirby CMS. We are merely standing on the shoulders of giants.
© 2026 Bruno Meilick All rights reserved.