frisbee - rate limits | Stripe Developers | Page 1

placid silo Mar 21, 2022, 2:30 PM

#

Hello

#

You can try to track down requests here: https://dashboard.stripe.com/logs

#

That might give you some insight into where the volume is coming from so you can optimize

#

If your user volume is sufficiently high enough to warrant a rate limit increase, I recommend reaching out to support: https://support.stripe.com

shadow girder Mar 21, 2022, 2:38 PM

#

I am looking through the logs and we suspect that someone may be spamming stripe on our behalf with a lot of failed credit card attempts. Is there anything we can do to block them?

placid silo Mar 21, 2022, 2:40 PM

#

If they are using your API key to make these requests, then you can roll your keys (you will need to update the keys in your config): https://stripe.com/docs/keys

#

Specifically this section: https://stripe.com/docs/keys#rolling-keys

shadow girder Mar 21, 2022, 2:41 PM

#

They're using our app and going through stripe checkout with failed credit cards

placid silo Mar 21, 2022, 2:42 PM

#

The rate limit in live is 100 req/sec

#

If it looks like bogus requests, then that would have to be a distributed attack

shadow girder Mar 21, 2022, 2:43 PM

#

Yes. Looking at the Ip, they look distributed.

#

But they're using the same name and email address

placid silo Mar 21, 2022, 2:55 PM

#

Gotcha. From your end, you can block the associated IPs with the attack on a deny list, but I recommend you contact support for further help on this: https://support.stripe.com

#frisbee - rate limits