IP-based submission rate limiting

The IP-based submission rate-limiting feature controls the number of payment form submissions from a single IP address, enhancing security by preventing excessive submissions.

The IP-based submission rate limiting feature is a tenant-level security measure. It limits the number of times a payment form can be submitted from the same IP address within a time range.

This feature is enabled by default for your payment form. To access and configure this feature, complete the following steps:

Navigate to Settings > Payments > Payment Form .
On the Payment Forms page, click Security Preferences in the upper right.
In the Security Preferences dialog, configure the following settings for your needs:
- Submission limit per minute : The number of times a payment form can be submitted per minute from the same IP.
- Submission limit per hour : The number of times a payment form can be submitted per hour from the same IP.
- IP Whitelist : The whitelisted IP ranges that are not subject to the IP-based submission rate limiting configuration. You can specify a maximum of 50 IPv4 address ranges or 20 IPv6 address ranges.

For scenarios such as call center agents, it is recommended to include approved IP addresses in the IP whitelist, instead of increasing the rate limiting values, to avoid any disruptions to legitimate service.

If the number of submissions exceeds the thresholds, an error occurs. No more submissions are accepted from the same IP until the beginning of the next time period.

Welcome to Zuora Product Documentation

Explore our rich library of product information

IP-based submission rate limiting

zuora-footer