Skip to main content

Ingress Rate limits

This controls how many events Convoy can ingest per second across the instance for routes that use the instance ingest limiter (message brokers, event-creation APIs, and related ingest paths). Configure it with instance_ingest_rate in convoy.json, the environment variable CONVOY_INSTANCE_INGEST_RATE, or the root CLI flag --instance-ingest-rate. The default in config/config.go is 1000 events per second unless you override it. This value limits the number of:
  • Messages read off message brokers
  • Events created via API (direct, dynamic, fan-out, broadcast).
Reaching this limit will cause requests to receive a 429 (Rate Limit Exceeded) error response for APIs that create events.

Egress Rate Limits

This controls how many events Convoy can send per second. There is no instance wide configuration, instead egress rates are configured per endpoint. (This might change in the future)

HTTP API Rate Limits

This controls how many HTTP requests per second Convoy allows on routes protected by the HTTP API rate limiter. Configure it with api_rate_limit in convoy.json, CONVOY_API_RATE_LIMIT, or --api-rate-limit. The default in code is 1000 requests per second. This includes:
  • Headless control plane APIs (used for managing project resources).
  • Some ingest HTTP routes that share this limiter (see server routing in the Convoy repo for details).
Reaching this limit will cause affected requests to receive a 429 (Rate Limit Exceeded) error response.
Requests made to the Convoy instance via the UI don’t count towards rate limits.

Technical Details

Rate limits are stored in Redis and are prefixed by rate:

Validating Rate Limits

To test and ensure your rate limits are adequately configured for your scale:
  • Configuration Inspection: Check your convoy.json config, environment variables (CONVOY_API_RATE_LIMIT, CONVOY_INSTANCE_INGEST_RATE), or Helm values for your cluster limits. By default both are set to 1000.
  • Load Testing: Use tools like k6, hey, or vegeta to send bursts (>1000 requests/sec) to the Convoy ingest API. The API will respond with an HTTP 429 Too Many Requests status code once the limit is breached.
  • Metrics: Utilize the exposed Prometheus metrics or traces to observe 429 responses and dropped/throttled events during high throughput times.