Security & Limits

Rate limiting, CORS policy, and privacy information for AI endpoints

Rate Limiting

  • 60 requests per minute per client (identified by origin or IP address)
  • 429 status code with Retry-After header when exceeded
  • RateLimit headers included in responses (Limit, Remaining, Reset)
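A client-side way to honor these limits, as an added example (not code from this documentation). The header names `RateLimit-Remaining` and `RateLimit-Reset`, and Reset being a number of seconds, are assumptions, since the page lists only "Limit, Remaining, Reset"; `fetchWithLimit` and its helpers are hypothetical names.

```javascript
// Added example. Assumed header names: Retry-After, RateLimit-Remaining,
// RateLimit-Reset (Reset assumed to be seconds until the window resets).
const MAX_WAIT_MS = 60_000; // one full window at 60 requests per minute

// Retry-After is either delta-seconds or an HTTP-date (RFC 9110).
function parseRetryAfter(value, nowMs) {
  if (value == null) return null;
  const v = String(value).trim();
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const when = Date.parse(v);
  return Number.isNaN(when) ? null : Math.max(0, when - nowMs);
}

// How long to pause before sending the next request, given the last response.
// `headers` is anything with a case-insensitive get(), e.g. a fetch Headers object.
function waitMsFor(status, headers, nowMs = Date.now()) {
  let wait = 0;
  if (status === 429) {
    // Fall back to 1 s when the header is missing or unparseable.
    wait = parseRetryAfter(headers.get("retry-after"), nowMs) ?? 1000;
  } else if (headers.get("ratelimit-remaining") === "0") {
    const reset = Number(headers.get("ratelimit-reset"));
    wait = Number.isFinite(reset) && reset > 0 ? reset * 1000 : 0;
  }
  return Math.min(wait, MAX_WAIT_MS); // never sleep on an unbounded server value
}

// fetchFn and sleepFn are injectable so the retry logic can be exercised offline.
async function fetchWithLimit(url, init, opts = {}) {
  const sleepDefault = (ms) => new Promise((r) => setTimeout(r, ms));
  const { fetchFn = fetch, sleepFn = sleepDefault, maxRetries = 3 } = opts;
  for (let attempt = 0; ; attempt++) {
    const res = await fetchFn(url, init);
    const wait = waitMsFor(res.status, res.headers);
    if (res.status !== 429) {
      if (wait > 0) await sleepFn(wait); // budget spent: pause before the caller sends more
      return res;
    }
    if (attempt >= maxRetries) return res; // bounded retries: surface the 429
    await sleepFn(wait);
  }
}
```

The cap on both the wait time and the retry count keeps a malformed or oversized `Retry-After` value from stalling the client indefinitely.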

CORS Policy

Browser requests must originate from:

  • https://claude.ai
  • https://build.avax.network
  • http://localhost:3000 (development only)

Non-browser MCP clients (no Origin header) are always allowed.

Privacy

We collect anonymized usage metrics including:

  • Tool names and invocation counts
  • Search result counts (not full query text)
  • Latency measurements
  • Client names (e.g., "claude-desktop")

We do NOT log:

  • Full query text (truncated to 100 characters)
  • Document content
  • Raw IP addresses (hashed for rate limiting)

Abuse Reporting

Report security issues or abuse to: [email protected]
