# Ratelimit

Source: https://kart.bnomei.com/docs/forms/ratelimit
Updated: 2025-08-08T14:06:09+00:00
Summary: Secure your Kart plugin endpoints with default 60 requests/min rate limit, encrypted IP storage. Excess requests return HTTP 429 errors until one hour passes.

## Protecting Endpoints

All public-facing endpoints of the Kart plugin are protected by a rate limit, with a default of `60 / minute.` This means that after hitting `60` requests, any further requests will be blocked with a `429`-HTTP status error code until one hour has passed.

The stored data is an encrypted version of the visitor's IP address.

Here is an example of how you could use the rate limit in your own custom endpoint.

Path: site/config/config.php  
Code (php):  
```
<?php

use \Bnomei\Kart\Router;

return [
   'routes' => [
        [
            'pattern' => 'my/endpoint',
            'method' => 'POST',
            'action' => function () {
                if ($r = Router::denied()) { // blacklist, csrf, ratelimit
                    return $r;
                }

                // DO STUFF

                // then redirect
                Router::go();
            },
        ],
    ],
    // other options
];
```