Rate Limits & Constraints
API rate limits, validation rules, and operational constraints for the Open VTS API.
Rate Limits
Certain endpoints enforce rate limits to prevent abuse and ensure platform stability. When exceeded, the API returns 429 Too Many Requests.
POST /auth/forgot-password3 per 15 min per identifierPOST /auth/reset-password5 attempts per tokenFile uploads5 MB max per file, 5 files maxCSV exports50,000 rows maxCalendar events62-day range maxBulk operationsProgress via SSE streamValidation Rules
Input values are validated server-side. Requests that violate these rules receive a 400 Bad Request with a descriptive error message.
| Type | Rule |
|---|---|
| Passwords | 6–72 characters |
| IMEI | 5–20 digits |
| RFC-compliant format | |
| Coordinates | Lat: -90 to +90, Lon: -180 to +180 |
| Dates | ISO 8601 format |
| Images | PNG, JPEG, JPG, WebP |
| Documents | PDF, JPEG, PNG, WebP, DOCX, DOC |
| Currency | ISO 4217 (3 letters) |
| Country | ISO 3166-1 alpha-2 |
Operational Notes
Bulk operations (e.g. CSV import) stream progress via Server-Sent Events (SSE).
CSV exports are limited to 50,000 rows to prevent memory exhaustion.
Calendar and history queries are capped at a 62-day date range.
File uploads accept a maximum of 5 files at 5 MB each.
Password reset tokens are single-use and expire after the attempt limit.