[Feature] New Webhook Event: Rate limiting event

[mooreds]

Add a new Webhook event when rate limiting event occurs

Problem

Rate limiting happens, but there's limited insight into when it happens. I want to know more.

Solution

Fire a webhook when the rate limiting event happens.

Ideally when we rate limit a request we would emit an event such as user.rate-limited or rate-limited with context such as the user, and what they are doing that was rate limited.

Today we have the following rate limit configurations / events:

• failedLogin
• forgotPassword
• sendEmailVerification
• sendPasswordless
• sendRegistrationVerification
• sendTwoFactor

So perhaps this would be the reason information in the event.

Alternatives/workarounds

You could just log to the event log or audit log. This might be a simpler implementation, with the same benefits, because someone could turn on those webhooks and get what they needed.

Additional context

This was a feature I thought of when examining advanced threat detection in more detail. Not a customer request.

Related

• Emit an even for rate limiting events  #2940

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.