Rate Limits & Security
Limits are tracked per endpoint. A key with a 5-connection-per-IP cap can hold 5 connections on wss://cryptolisting.ws and 5 on wss://kr.cryptolisting.ws simultaneously (10 total). Cooldowns also apply per endpoint.
Connection limits
Per IP (any key)
| Limit | Value |
|---|---|
| Concurrent connections | 20 |
| New connections | 10 / minute |
Per API key
| Limit | Value |
|---|---|
| Connections per IP | 5 |
| Distinct IPs | configurable |
| Absolute connections (all IPs) | 20 |
| Connection cooldown | 5 s per IP |
Distinct IPs is set by the administrator at key creation.
429 error codes (handshake)
The server returns HTTP 429 with a JSON body whose error field tells you which limit you tripped:
| Error | Cause | Action |
|---|---|---|
connection_rate_limit_exceeded | Your IP opened > 10 connections in 60 s (any key) | Back off; retry after the window |
per_ip_concurrent_limit_reached | Your IP holds 20 concurrent connections (any key) | Close unused connections |
per_ip_connection_limit_reached | This IP holds 5 connections for this specific key | Close one before opening another |
max_distinct_ips_reached | Key already in use from its max distinct IPs | Request a higher cap |
absolute_connection_cap_reached | Key hit the 20-total ceiling | Cap is fixed — use a second key |
connection_cooldown | Same key + IP reconnecting within 5 s | Wait retry_after_s (5) |
Client message limits
| Limit | Value | On excess |
|---|---|---|
| Message rate | 3 / minute | Connection closed (rate_limit_exceeded) |
| Frame size | 1 KB | Connection closed (frame_too_large) |
| Test rate | 1 / minute | Error response (test_rate_limited) |
The test rate is shared across all connections sharing a key. Excess returns an error message, not a disconnect — see Test Announcement.
Security
- All connections use TLS (WSS).
- Keys can be revoked instantly. Active sessions close with
1000 key_invalidated. - Keys with an expiration date are rejected after expiry. Active sessions close with
1000 key_expired.