You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some sort of API rate limiting should be imposed somehow to prevent excessive spam.
Perhaps a small PoW with each request, or after a certain number of requests per minute with the same IP.
On the same note, with merchants who use XPUB, it is possible to send more than 20 requests to /pay without the intention of ever paying the invoices. In these cases, 20 XPUB addresses are missed in a row which exceeds the max receipt gap in most BIP44 wallets.
This is tricky, but maybe we could do a mod-20 or something (which wouldn't work for extremely high-volume merchants), or re-use addresses that belong to invoices that haven't been paid in a while.
The text was updated successfully, but these errors were encountered:
Some sort of API rate limiting should be imposed somehow to prevent excessive spam.
Perhaps a small PoW with each request, or after a certain number of requests per minute with the same IP.
On the same note, with merchants who use XPUB, it is possible to send more than 20 requests to
/paywithout the intention of ever paying the invoices. In these cases, 20 XPUB addresses are missed in a row which exceeds the max receipt gap in most BIP44 wallets.This is tricky, but maybe we could do a mod-20 or something (which wouldn't work for extremely high-volume merchants), or re-use addresses that belong to invoices that haven't been paid in a while.
The text was updated successfully, but these errors were encountered: