Skip to content
Snippets Groups Projects

Add breaking change for new default rate limits on user, project, group endpoints

Merged Joshua Lambert requested to merge jl-rate-limits-18-0 into master
All threads resolved!
Files
2
- title: "Rate limits for common User, Project, and Group API endpoints"
# The milestones for the deprecation announcement, and the removal.
removal_milestone: "18.0"
announcement_milestone: "17.4"
# Change breaking_change to false if needed.
breaking_change: true
# The stage and GitLab username of the person reporting the change,
# and a link to the deprecation issue
reporter: joshlambert
stage: systems
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/480914
impact: low # Can be one of: [critical, high, medium, low]
scope: instance # Can be one or a combination of: [instance, group, project]
resolution_role: Admin # Can be one of: [Admin, Owner, Maintainer, Developer]
manual_task: false # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
body: |
Rate limits will be enabled by default for commonly used [User](https://docs.gitlab.com/ee/administration/settings/user_and_ip_rate_limits.html),
[Project](https://docs.gitlab.com/ee/administration/settings/rate_limit_on_projects_api.html), and [Group](https://docs.gitlab.com/ee/administration/settings/rate_limit_on_groups_api.html) endpoints.
Enabling these rate limits by default can help improve overall system stability,
by reducing the potential for heavy API usage to negatively impact the broader user experience. Requests made above the rate
limit will return an [HTTP 429](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429) error code and [additional rate limit headers](https://docs.gitlab.com/ee/administration/settings/user_and_ip_rate_limits.html#response-headers).
The default rate limits have been intentionally set fairly high to not disrupt most usage, based on the request rates we see on GitLab.com.
Instance administrators can set higher or lower limits as needed in the Admin area, similarly to other rate limits already in place.
Loading