Protecting Your Bynder Portal with AWS Web Application Firewall (WAF)

To better protect your Bynder portal and ensure a safer user experience, we have integrated AWS Web Application Firewall (AWS WAF) into Bynder. Discover how this helps keep your portal secure.

How to Enable AWS Web Application Firewall?

AWS WAF is automatically enabled for clients using our CDN. No additional configuration is required. If you are not yet on our CDN, please connect with Customer Support for more information. 

What is AWS Web Application Firewall?

AWS Web Application Firewall (AWS WAF) analyzes all incoming traffic on our servers in real time. It protects against common attacks, such as SQL injections, DDoS attacks, and Cross-Site Scripting (XSS), which could compromise security and impact the availability of our systems. Read more about AWS Web Application Firewall here.

Top 10 Security Risks Protected by AWS WAF

AWS WAF shields your portal from the top 10 security risks. This list is compiled by the Open Web Application Security Project (OWASP). Learn more about OWASP’s security risks here.

  • Injections
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring

Additionally, AWS WAF blocks excessive resource usage by enforcing an API rate limit, ensuring seamless performance for all customers.

API Rate Limiting

Bynder enforces a limit of 4,500 API requests per five-minute window per public IP address. This includes both original requests and retries.

To stay safely within this limit, we recommend keeping your request rate around 10 requests per second. This allows room for occasional retries without exceeding the threshold.

When updating asset metadata, include all changes for a single asset in one POST /v4/media/{assetId} request to reduce the total number of calls. For transient server errors (e.g., 5xx responses), implement exponential back-off with jitter. If you receive a 429 Too Many Requests response, pause all requests for five minutes before retrying.

Following these guidelines will help ensure your integration runs reliably without interruptions or unintended impact on other systems.
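As an added example (not Bynder's own client code), the Python client below paces calls at the recommended 10 requests per second, retries 5xx responses with exponential back-off and jitter, and pauses for five minutes on a 429. The retry cap, the back-off base and cap, and the offline `simulate` harness with its scripted status codes are this example's own assumptions.

```python
import random
import time

# Limits from the guidance above; MAX_RETRIES is an assumption of this example, not a Bynder value.
WINDOW_LIMIT, WINDOW_SECONDS = 4500, 300  # requests per five-minute window per public IP
TARGET_RPS = 10                           # recommended steady rate: 3,000 per window, headroom for retries
RATE_LIMIT_PAUSE = 300                    # seconds to pause all traffic after a 429
MAX_RETRIES = 5


def backoff_delay(attempt, base=0.5, cap=30.0, rng=random.uniform):
    """Exponential back-off with full jitter: uniform in [0, min(cap, base * 2**attempt)]."""
    return rng(0.0, min(cap, base * 2 ** attempt))


class PacedClient:
    """Paces calls to TARGET_RPS and applies the retry rules. `transport(request)` returns an HTTP
    status code; `sleep`, `clock` and `rng` are injectable so the logic can run without waiting."""

    def __init__(self, transport, sleep=time.sleep, clock=time.monotonic, rng=random.uniform):
        self.transport, self.sleep, self.clock, self.rng = transport, sleep, clock, rng
        self.next_slot = clock()  # earliest moment the next request may be sent
        self.slept = 0.0          # total seconds spent waiting

    def _wait(self, seconds):
        self.sleep(seconds)
        self.slept += seconds

    def send(self, request):
        """Returns (final_status, attempts); retries 5xx after jittered back-off, pauses five minutes on 429."""
        for attempt in range(MAX_RETRIES + 1):
            now = self.clock()
            if now < self.next_slot:
                self._wait(self.next_slot - now)  # throttle to TARGET_RPS
            self.next_slot = max(now, self.next_slot) + 1.0 / TARGET_RPS
            status = self.transport(request)
            if status == 429:
                self._wait(RATE_LIMIT_PAUSE)  # hard stop so the five-minute window can reset
            elif 500 <= status < 600 and attempt < MAX_RETRIES:
                self._wait(backoff_delay(attempt, rng=self.rng))
            else:
                return status, attempt + 1  # success or a non-retryable status
        return status, MAX_RETRIES + 1


def simulate(requests, statuses):
    """Offline run: scripted status codes, a fake clock advanced only by sleeps, maximal jitter for determinism."""
    it, t = iter(statuses), {"now": 0.0}
    def sleep(s): t["now"] += s
    client = PacedClient(lambda req: next(it), sleep=sleep, clock=lambda: t["now"], rng=lambda lo, hi: hi)
    return [client.send(r) for r in requests], client.slept  # (results, total seconds slept)
```

For real traffic, pass a `transport` that performs the HTTP call and returns its status code, and leave `sleep`, `clock` and `rng` at their defaults.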
