Abuse Prevention
AIdenID is designed to be developer-friendly while preventing abuse. Multiple layers of protection ensure fair usage across every tier.
Rate limiting
Per-plan rate limits are enforced at the API gateway level. Every response includes rate-limit headers so you can track your remaining budget:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed per window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When you exceed the limit, the API returns a 429 Too Many Requests response with retryable: true. Implement exponential backoff and respect the X-RateLimit-Reset header.
| Plan | Requests/min | Burst |
|---|---|---|
| Free agent | 10 | 3 |
| Free human trial | 30 | 5 |
| Starter | 60 | 10 |
| Growth | 300 | 50 |
| Pro | 1,000 | 100 |
| Enterprise | Custom | Custom |
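The retry behaviour recommended above, as an added example that is not AIdenID's own code: it waits for the later of a jittered exponential backoff and the X-RateLimit-Reset time, and retries only on 429. It assumes a `send()` callable returning `(status, headers, body)` with headers as a plain dict; `MAX_BACKOFF`, `retry_delay`, `call_with_backoff` and `demo` are names chosen for this example.

```python
import random
import time

MAX_BACKOFF = 60.0  # assumed ceiling in seconds; not a value published by AIdenID


def retry_delay(headers, attempt, now=None, base=1.0, rng=random.random):
    """Seconds to wait after a 429: the later of jittered backoff and the window reset."""
    now = time.time() if now is None else now
    # Exponential backoff with jitter in [50%, 100%] so parallel clients spread out.
    backoff = min(MAX_BACKOFF, base * 2 ** attempt) * (0.5 + rng() / 2)
    try:
        until_reset = float(headers.get("X-RateLimit-Reset", "")) - now
    except ValueError:
        until_reset = 0.0  # header missing or malformed: rely on backoff alone
    # Clamp so a bogus far-future reset value cannot stall the client indefinitely.
    return max(backoff, min(max(until_reset, 0.0), MAX_BACKOFF))


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, clock=time.time):
    """Call send() until it returns something other than 429 or attempts run out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            # Includes 403 quota_exceeded: waiting a few seconds does not free
            # an identity slot, so the caller has to handle it.
            return status, headers, body
        if attempt + 1 < max_attempts:
            sleep(retry_delay(headers, attempt, now=clock()))
    return status, headers, body


def demo():
    """Run against constructed responses: one 429 with a reset 5 s away, then a 200."""
    responses = iter([
        (429, {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": "1005"}, {"retryable": True}),
        (200, {"X-RateLimit-Remaining": "9", "X-RateLimit-Reset": "1060"}, {}),
    ])
    sleeps = []
    status, _, _ = call_with_backoff(lambda: next(responses),
                                     sleep=sleeps.append, clock=lambda: 1000.0)
    return sleeps, status


if __name__ == "__main__":
    print(demo())
```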
IP-based controls
The free tier is keyed to the caller's IP address. Each IP is limited to one active identity at a time. This prevents bulk identity creation without authentication and ensures the free tier remains useful for legitimate single-use cases without being exploited for large-scale operations.
Identity quotas
Each plan enforces a maximum number of active identities. When you reach the limit, the API returns a 403 with the quota_exceeded error code. You must squash existing identities or wait for them to expire before creating new ones.
Bulk creation operations also have plan-specific batch size limits. For example, Starter plans can create up to 5 identities per batch call, while Pro plans support up to 50. See Plans & Limits for the full breakdown.
OTP budget
Human trial accounts are limited to 3 total OTP deliveries across all identities. This prevents trial accounts from being used for large-scale verification abuse. Once the OTP budget is exhausted, the account must upgrade to a paid plan to continue receiving extractions.
Without an OTP budget, a bad actor could create a trial account and use it to verify hundreds of accounts on third-party services. The 3-OTP limit is enough to evaluate AIdenID without enabling abuse.
Disposable email detection
When a consumer signs up for an AIdenID account, the signup flow blocks known disposable email providers. This prevents recursive abuse — using a disposable email address to sign up for AIdenID in order to generate more disposable email addresses. Only real, non-disposable email addresses are accepted for account registration.
Trial protections
Several protections are in place to prevent trial abuse:
- One trial per organization email. Each unique email address can only start one trial. Creating a new organization with the same email will not grant a second trial.
- Auto-downgrade on expiry. When a trial expires, the organization is automatically downgraded. No lingering access to paid features.
- Excess identity squashing. On downgrade, if the account has more active identities than the free tier allows, excess identities are automatically squashed (newest first).
Domain freezing
Platform administrators can freeze domains that are flagged by downstream email providers for abuse or deliverability issues. When a domain is frozen:
- New identity creation on that domain is blocked
- Existing identities on the domain stop accepting inbound email
- Downstream traffic (webhook deliveries, SSE streams) for identities on the frozen domain is paused
Domain freezing is an admin-level operation used to protect platform reputation and deliverability. Frozen domains can be unfrozen once the underlying issue is resolved.
Legal holds
AIdenID implements a fail-closed legal hold system. When a legal hold is placed on an identity or set of identities:
- Identity data is preserved and cannot be squashed or deleted, even if the TTL expires
- The lifecycle engine skips held identities during automated expiration sweeps
- Held identities are excluded from bulk squash operations
- Only platform administrators with legal-hold permissions can place or remove holds
Legal holds are fail-closed: if there is any ambiguity about whether a hold applies, the system errs on the side of preservation. Data is never destroyed while a hold is in effect.