FormLoom

Rate limiting

Glossary

A mechanism that caps how many requests a single IP or key can make in a time window — prevents abuse.

Definition

Rate limiting restricts the number of requests from a single source (IP address, access key) within a sliding time window. FormLoom applies per-IP and per-key rate limits to the submit endpoint using Upstash Redis (in-memory fallback when Redis is not configured). This prevents both manual flooding and scripted submission attacks without blocking legitimate traffic.

Why it matters for form backends

Free form endpoints without rate limiting are a target for abuse. FormLoom's limits are enforced before spam scoring and email delivery, keeping abuse costs low.

FAQ

FormLoom returns a 429 Too Many Requests response. Legitimate contact forms rarely hit the limit; bots do.

Related terms

Ready to put this into practice?

Add a form to your site in minutes — free access key, copy-paste snippet.

Rate limiting — form backend glossary · FormLoom