# Rate Limit

### Rate Limit for SMS and WhatsApp messages

We set a default rate limit for requests that requires a message to be sent via SMS or WhatsApp. The default limitation can be seen in the image below, and can be updated in the Dashboard under [Rules](https://dev.cotter.app/rules).

![Default Rate Limit Values in the Dashboard](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-M59sKb-iTJU8jkBVlca%2F-M59sYb03SzGvg_ePLNM%2Fimage.png?alt=media\&token=bfdddb49-58c7-409e-8377-2da936fd497b)

### Understanding the Rate Limit rules

The above rate limit rule means that within the last 5 minutes:

* there can be at most 10 requests with the same IP address as the current request
* there can be at most 5 requests with the same phone number as the current request
* there can be at most 5 requests with the same Session ID as the current request

{% hint style="info" %}
The Session ID is set in the user's `localStorage` in their browser. If the user clears their `localStorage` or go to a different browser, the Session ID will be different.
{% endhint %}

### Example

**Identifier Max: 5 requests -** Let's say you have made a request with phone number `+12345678910` 5 times within the last 5 minutes. The sixth time you make a request with phone number `+12345678910` within that 5 minutes, it will be blocked. However, once 5 minutes has passed since your first request, you can make a request with phone number `+12345678910`again.

**Session ID Max: 5 requests -** If you make 3 requests with phone number `+11111111111` and 2 requests with phone number `+3333333333`, and then make a request with phone number `+55555555555`within 5 minutes, all in the same browser, then the last request will be blocked. This is because your Session ID is the same for all 6 requests.