> ## Documentation Index
> Fetch the complete documentation index at: https://archie.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Network

> Configure CORS and rate limiting settings for your project.

The Network settings page controls how your app handles incoming requests — which origins can call its API, and how aggressively to rate-limit traffic. The settings here are project-wide defaults, scoped per [environment](/features/backend/environments/overview). For per-route overrides on a specific endpoint, configure CORS and rate limits on the route itself in [Custom APIs](/features/backend/app-services/custom-apis).

## CORS configuration

Cross-Origin Resource Sharing (CORS) controls which web origins are allowed to call your API from a browser. Add the origins you trust:

* `https://yourapp.com`
* `https://*.yourapp.com` (subdomain wildcards)
* `http://localhost:3000` (local development)

## Rate limiting

Set per-route or global limits to protect your API from abuse and runaway clients:

* **Global limit** — total requests per minute
* **Per-IP limit** — requests per minute from a single IP
* **Per-key limit** — requests per minute per API key
* **Burst** — short-term spike allowance

## When to tighten

* After launch, when traffic patterns are stable
* If you see abuse from specific origins or IPs
* When introducing public APIs
* Before announcing a high-traffic event

## FAQ

<AccordionGroup>
  <Accordion title="Does Archie rate-limit by default?">
    Yes — sensible defaults apply. Tighten or relax as your app's needs require.
  </Accordion>

  <Accordion title="What HTTP status code is returned when rate-limited?">
    429 Too Many Requests, with a `Retry-After` header. {/* VERIFY: confirm header behavior */}
  </Accordion>
</AccordionGroup>