Announcements > API changes for DDoS protection February 22, 2017

On February 21st and 22nd Bitfinex was the target of a distributed denial-of-service (DDoS) attack that disrupted service for some users.

Prompt attention by the team limited the disruption to approximately 20 minutes. However, this incident highlights the importance of making further improvements to platform robustness against bad actors.

To improve defenses against such an attack, new request rate-limiting will be enabled for the Bitfinex REST APIs effective immediately.

If an IP address exceeds 90 requests per minute to the REST APIs, the requesting IP address will be blocked for 10-60 seconds and the JSON response {"error": "ERR_RATE_LIMIT"} will be returned. Please note the exact logic and handling for such DDoS defenses may change over time to further improve reliability.

For users who need high-frequency connections, please switch to the WebSockets APIs.