Overview
Null Pass uses Arcjet for comprehensive request protection including rate limiting, bot detection, and shield protection.
Protection Features
Rate Limiting
Token bucket algorithm prevents abuse by limiting requests per time window.
Default Configuration:
- Most endpoints: Standard rate limit
- Registration/Login: 2 requests per bucket
- Password change: 2 requests per bucket
Bot Detection
Arcjet analyzes request patterns to detect and block automated bots and scrapers.
Shield Protection
Additional layer of protection against malicious requests and attacks.
Email Validation
The registration endpoint validates email addresses to reject invalid or disposable emails.
Sensitive Info Detection
Detects and blocks requests containing sensitive information like API keys or passwords.
Implementation
Code Reference
Protection Levels
Different endpoints use different protection levels:
- Standard: Default Arcjet protection
- High: Registration, login, password change (2 requests per bucket)
Error Responses
When blocked by Arcjet, endpoints return:
403 Forbidden
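To make the "2 requests per bucket" limit and the 403 response concrete, here is an added example (not Null Pass's or Arcjet's code) of a token bucket keyed per client and protection level. The refill rate, interval, the standard capacity and all names are assumptions; only the capacity of 2 and the 403 status come from this page.

```javascript
// Added illustration: a minimal token bucket, not Arcjet's implementation.
// ASSUMPTIONS: refill rate, interval and the "standard" capacity are made up;
// only the capacity of 2 for the high level comes from the page.
const LEVELS = {
  standard: { capacity: 60, refillPerInterval: 60, intervalMs: 60_000 }, // assumed
  high: { capacity: 2, refillPerInterval: 2, intervalMs: 60_000 }, // capacity from page
};

class TokenBucketLimiter {
  constructor(levels, now = () => Date.now()) {
    this.levels = levels;
    this.now = now; // injectable clock so behaviour is testable
    this.buckets = new Map(); // key -> { tokens, lastRefill }
  }

  // Returns the HTTP status an endpoint would send: 200 if allowed, 403 if blocked.
  check(clientKey, level, cost = 1) {
    const cfg = this.levels[level];
    if (!cfg) throw new Error(`unknown protection level: ${level}`);
    const key = `${level}:${clientKey}`; // separate bucket per level and client
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: cfg.capacity, lastRefill: t };
      this.buckets.set(key, b);
    }
    // Refill in whole intervals, capped at capacity so idle clients cannot bank bursts.
    const intervals = Math.floor((t - b.lastRefill) / cfg.intervalMs);
    if (intervals > 0) {
      b.tokens = Math.min(cfg.capacity, b.tokens + intervals * cfg.refillPerInterval);
      b.lastRefill += intervals * cfg.intervalMs;
    }
    if (b.tokens < cost) return 403; // denied requests do not consume tokens
    b.tokens -= cost;
    return 200;
  }
}

// Constructed demo: three login attempts from one client inside one interval.
function demo() {
  let clock = 0;
  const limiter = new TokenBucketLimiter(LEVELS, () => clock);
  const burst = [1, 2, 3].map(() => limiter.check("203.0.113.7", "high"));
  clock += 60_000; // one interval later the bucket has refilled
  const afterRefill = limiter.check("203.0.113.7", "high");
  const otherClient = limiter.check("198.51.100.9", "high");
  return { burst, afterRefill, otherClient };
}
```

The third request in the burst is the one that gets 403; a different client key is unaffected because each key has its own bucket.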
Configuration
Arcjet is configured via environment variables:
Arcjet API key for authentication
Best Practices
Monitoring
Rate limit violations are logged:
- Check application logs for Arcjet blocking events
- Monitor 403 responses for rate limit patterns
- Adjust protection levels if needed for legitimate use cases
Bypassing (Internal Only)
For internal testing or admin operations:
- Use admin endpoints if available
- Contact system administrator for rate limit adjustments
- Use different IP addresses for testing (not recommended for production)