Rate limiting
GlossaryA mechanism that caps how many requests a single IP or key can make in a time window — prevents abuse.
Definition
Rate limiting restricts the number of requests from a single source (IP address, access key) within a sliding time window. FormLoom applies per-IP and per-key rate limits to the submit endpoint using Upstash Redis (in-memory fallback when Redis is not configured). This prevents both manual flooding and scripted submission attacks without blocking legitimate traffic.
Why it matters for form backends
Free form endpoints without rate limiting are a target for abuse. FormLoom's limits are enforced before spam scoring and email delivery, keeping abuse costs low.
FAQ
FormLoom returns a 429 Too Many Requests response. Legitimate contact forms rarely hit the limit; bots do.
Related terms
Ready to put this into practice?
Add a form to your site in minutes — free access key, copy-paste snippet.