Add an API endpoint that returns a rate-limited response
This would allow easy testing of code to properly handle a rate limit, without having developers intentionally exceed the rate limit in order to test.
https://api.pwnedpasswords.com/rate-limited/backoff
would return a 429 response with a Retry-After header with a value = backoff. The backoff parameter is optional and if omitted you would return the default backoff seconds (2).
It is unclear whether the V2 API is rate limited. You state when describing the V2 API that it is not, but the section regarding rate limiting in the API docs does explicitly state that it doesn't apply to the V2 API. This suggestion is less useful if the rate limit does not affect the V2 API.
-
Hi Scott, the V2 API is definitely rate limited as described here: https://haveibeenpwned.com/API/v2
Have I incorrectly stated it's not somewhere? I'll fix that if so.
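Until such an endpoint exists, the behaviour the suggestion describes can be reproduced with a local stub. This is an added example, not part of the thread or of the HIBP service: `StubHandler`, `start_stub`, `retry_after_seconds` and `get_with_backoff` are hypothetical names, and the 60-second cap is an assumption.

```python
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DEFAULT_BACKOFF = 2  # default backoff seconds named in the suggestion

class StubHandler(BaseHTTPRequestHandler):
    """Local stand-in for the proposed /rate-limited/<backoff> route (hypothetical)."""
    def do_GET(self):
        parts = self.path.strip("/").split("/")
        if parts[0] == "rate-limited":
            given = parts[1] if len(parts) > 1 else ""
            backoff = given if given.isdecimal() else str(DEFAULT_BACKOFF)
            self.send_response(429)
            self.send_header("Retry-After", backoff)
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub():
    """Serve the stub on an ephemeral loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

def retry_after_seconds(headers, cap=60):
    """Read Retry-After as whole seconds; default if absent or malformed, capped."""
    value = (headers.get("Retry-After") or "").strip()
    seconds = int(value) if value.isdecimal() else DEFAULT_BACKOFF
    return min(seconds, cap)  # a buggy or hostile header must not stall the client

# Bypass any configured proxy: the stub lives on loopback.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def get_with_backoff(url, max_retries=2, sleep=time.sleep):
    """GET url, waiting Retry-After seconds on each 429. Returns (status, waits)."""
    waits = []
    for attempt in range(max_retries + 1):
        try:
            with _opener.open(url, timeout=5) as resp:
                return resp.status, waits
        except urllib.error.HTTPError as err:
            if err.code != 429 or attempt == max_retries:
                return err.code, waits
            waits.append(retry_after_seconds(err.headers))
            sleep(waits[-1])
```

Passing a recording function as `sleep` lets a test assert on the delays the client chose without actually waiting.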