diff --git a/README.md b/README.md index 2b2e6e7..1e4f637 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,18 @@ The TrueNAS websocket client provides the command line tool `midclt` and the mea By default, communication facilitated by the API between the client and middleware now uses the [JSON-RPC 2.0](https://www.jsonrpc.org/specification) protocol. However, it is still possible to use the legacy client by passing a legacy uri, e.g. `'ws://some.truenas.address/websocket'` as opposed to `'ws://some.truenas.address/api/current'`. +## API Rate Limits + +**NOTE:** + +The TrueNAS API enforces strict security checking and auditing in place to detect and prevent brute force or malicious API behavior. + +Connections to the API are currently limited to 20 Auth attempts AND/OR unauthenticated API requests in a 60 second period (subject to future change). Exceeding this limit results in a 10-minute rate limit cooldown before API connections can be re-established. + +Developers are highly recommended to architect their tools in a way that uses a single persistent websocket connection that remains connected for subsequent API calls to be issued without a re-auth. + +Developers that need to issue large quantities of subsequent operations (example: massive bulk dataset creations) are highly encouraged to leverage the `core.bulk` endpoint for queuing actions. + ## Getting Started TrueNAS comes with this client preinstalled, but it is also possible to use the TrueNAS websocket client from a non-TrueNAS host.
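Review bot: In the added "API Rate Limits" section, the limit sentence ("20 Auth attempts AND/OR unauthenticated API requests in a 60 second period") does not say whether auth attempts and unauthenticated requests share one counter or are counted separately, nor what the limit is keyed on (source address, connection, or account). Please state both, because that decides whether several clients coming from one host or address can trigger the 10-minute cooldown for each other. It would also help to say whether the cooldown only blocks new connections ("before API connections can be re-established") or also affects an already authenticated persistent connection, since the next paragraph recommends exactly that pattern. In the first paragraph, "enforces strict security checking and auditing in place to detect" reads as two phrasings merged; suggest "enforces strict security checking and auditing to detect". The `core.bulk` sentence names the endpoint without showing its arguments; a link to its API documentation or a short `midclt` invocation would make the recommendation actionable.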