Learn how to enhance the security of your flows with rate limiting rules or protecting your endpoint API with a secret key.
By default, when you enable the endpoint URL of your flow, anyone that knows the URL can execute it by sending a POST request. If you enable the Protect endpoint with secret option, your flow will require a secret key that should be passed as a Bearer token to execute the flow:
Rate limiting rules with temporarily block IPs run when they exceed any of the rules you specify. You can define a maximum number of requests per interval (Minutes, hours or days). Please, notice the following considerations:
- Blocked requests will not appear in your Executions tab.
- The time interval can't be longer than 7 days, 168 hours or 10,080 minutes.
- You can apply up to 5 rules.
We will automatically use (as the client IP for your request) the IP address of the user that interacts with the form or the IP of the user that makes a request to the endpoint. If you execute this flow as a standalone product, you can use X-Forwarded-For header to forward the originating client's IP address. There are rare cases where the client's IP cannot be provided using the previous header, for those cases, Arengu supports a custom HTTP header X-Arengu-Client-Ip.