From 1e2c9d9b74fdbd07ff76d9e40b7dc3cfd5afaf03 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Fri, 27 Mar 2026 14:02:43 -0400 Subject: [PATCH] docs(idaa): document Novi API rate limits and backoff behavior 20 calls/sec, 600/min, 100k/day. Notes the 10s flat backoff + single retry and the 5-min TTL cache that prevents normal-use rate limiting. Co-Authored-By: Claude Sonnet 4.6 --- documentation/CLIENT__IDAA_and_customized_mods.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/documentation/CLIENT__IDAA_and_customized_mods.md b/documentation/CLIENT__IDAA_and_customized_mods.md index d46a7168..819ee6cc 100644 --- a/documentation/CLIENT__IDAA_and_customized_mods.md +++ b/documentation/CLIENT__IDAA_and_customized_mods.md @@ -148,6 +148,8 @@ This section documents the exact way Aether uses the Novi API for the IDAA integ - **All-or-nothing policy:** If the Novi API key is not configured or the verification call fails, the Novi-based access path is denied. The layout explicitly prevents child routes from rendering while verification is in-flight to avoid flashing "Access Denied". +- **Rate limits (Novi API):** 20 calls/second · 600 calls/minute · 100,000 calls/day. The layout handles 429 responses with a 10-second flat backoff and one retry. If the retry also returns 429, access is denied and a "Reload / Retry" button is shown. The 5-minute TTL cache on successful verification prevents repeated calls during normal use. + ### Verification Flow (implementation) 1. The IDAA iframe loads Aether pages with a `?uuid=&iframe=true` param.
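Review bot: The added "Rate limits (Novi API)" bullet describes a 10-second flat backoff with one retry, but a 429 caused by the 600 calls/minute or the 100,000 calls/day limit may not clear within 10 seconds, so the retry can be expected to fail in those cases. State which limit the backoff is meant to cover, and whether a Retry-After value on the 429 response, if Novi sends one, is honored. The bullet also leaves the scope of the 5-minute TTL cache unstated (per browser session or shared across users). Because only successful verifications are cached, each use of the "Reload / Retry" button appears to issue a fresh call. A sentence on each point would let a reader judge whether many concurrent iframe loads can exhaust the quota. The deny-on-second-429 outcome matches the all-or-nothing policy in the context line above and should stay as written.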