Corrective action: Improve API::Helpers::RateLimiter#check_rate_limit! to reuse too_many_requests! and return appropriate Retry-After header
The API::Helpers::RateLimiter#check_rate_limit! helper does not use the existing too_many_requests! helper; it calls render_api_error! directly. As a result it never sets a Retry-After header, which would let clients (such as the GitLab Runner) know in advance how long to wait before calling again, instead of hitting the rate limit again for no reason.
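As an added illustration of the behaviour this issue asks for (example code, not GitLab's own rate limiter or API helpers), the sketch below uses a plain-Ruby in-memory fixed-window counter, a stand-in helper layer that returns a response hash instead of rendering, and the client-side logic a runner would need to honour Retry-After. The class names, the `check` method and the 60-second default are assumptions made for the example; the header is emitted as integer delta-seconds, and the client also accepts the HTTP-date form the header allows.

```ruby
# Added example, not GitLab's code: an in-memory fixed-window limiter and an
# API helper that answers a hit with 429 plus an integer Retry-After header,
# followed by the client-side logic that turns that header into a wait.
require 'time'

class FixedWindowLimiter
  Limit = Struct.new(:threshold, :interval)

  # The clock is injectable so the window arithmetic can be tested deterministically.
  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @limits = {}
    @windows = {} # [key, scope] => [window_start, request_count]
  end

  def define(key, threshold:, interval:)
    @limits[key] = Limit.new(threshold, interval)
  end

  # Interval (seconds) configured for a key, nil when the key is unknown.
  def interval(key)
    @limits[key]&.interval
  end

  # Counts one request and returns [throttled, seconds_until_window_resets].
  def check(key, scope:)
    limit = @limits.fetch(key)
    now = @clock.call
    start, count = @windows[[key, scope]]
    if start.nil? || now - start >= limit.interval
      start = now
      count = 0
    end
    count += 1
    @windows[[key, scope]] = [start, count]
    remaining = (start + limit.interval - now).ceil
    [count > limit.threshold, [remaining, 1].max]
  end
end

# Stand-in for the API helper layer (assumed name): returns a response hash
# instead of rendering, so the header can be inspected directly.
class ApiHelpers
  TOO_MANY = 'This endpoint has been requested too many times. Try again later.'

  def initialize(limiter)
    @limiter = limiter
  end

  # Retry-After is delta-seconds (or an HTTP-date), so the value is coerced to
  # an integer string here rather than passed through as whatever object it was.
  def too_many_requests!(message, retry_after:)
    {
      status: 429,
      headers: { 'Retry-After' => retry_after.to_i.to_s },
      body: { error: message }
    }
  end

  # nil when the request is within limits, a 429 response hash when it is not.
  # A block, if given, takes over handling of the throttled case.
  def check_rate_limit!(key, scope:)
    throttled, seconds = @limiter.check(key, scope: scope)
    return nil unless throttled
    return yield if block_given?

    too_many_requests!(TOO_MANY, retry_after: seconds)
  end
end

# Client side (what a runner would do): honour Retry-After in either of its
# legal forms, delta-seconds or an HTTP-date; fall back to a default otherwise.
def retry_after_seconds(headers, now: Time.now, default: 60)
  value = headers['Retry-After']
  return default if value.nil?

  seconds = Integer(value, exception: false)
  return [seconds, 0].max if seconds

  [(Time.httpdate(value) - now).ceil, 0].max
rescue ArgumentError
  default
end
```

The seconds reported are the time left in the current window for that key and scope, so a client that sleeps for exactly that long lands in a fresh window; a client that ignores the header and retries immediately keeps counting against the exhausted window and gets 429 again.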
We could easily implement it with something like:
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
index 3493e48015ad..2a7bc423ada4 100644
--- a/lib/api/helpers/rate_limiter.rb
+++ b/lib/api/helpers/rate_limiter.rb
@@ -16,7 +16,12 @@ def check_rate_limit!(key, scope:, **options)
return yield if block_given?
- render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
+ interval_value = interval(key) || 1.minute
+
+ too_many_requests!(
+ _('This endpoint has been requested too many times. Try again later.'),
+ retry_after: interval_value
+ )
end
def check_rate_limit_by_user_or_ip!(key, **options)
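Review bot: the value handed to `retry_after:` on the `+` lines is `interval(key) || 1.minute`, an ActiveSupport::Duration, while the Retry-After header is delta-seconds, so confirm that `too_many_requests!` converts it to an integer (`.to_i`) or pass `interval_value.to_i` here rather than relying on the Duration's string form. `interval(key)` is not defined in this hunk either; the change should state where that helper comes from and whether a nil return (the case the `|| 1.minute` fallback covers) means the limit is unconfigured or the key is unknown, since the two cases may deserve different waits.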
Edited by 🤖 GitLab Bot 🤖