Add rate limiting to projects members all API (!211239) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Add rate limiting to projects members all API

Endpoint	Rate limit per user
GET /api/v4/projects/:id/members/all	60 requests per minute

Closes #578527

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

In rails console

pry(main)> user=User.first
pry(main)> 59.times { Gitlab::ApplicationRateLimiter.throttled?(:project_members_api, scope: user) }
=> 59
pry(main)> Gitlab::ApplicationRateLimiter.throttled?(:project_members_api, scope: user)
=> false
pry(main)> 61.times { Gitlab::ApplicationRateLimiter.throttled?(:project_members_api, scope: user) }
=> 61
pry(main)> Gitlab::ApplicationRateLimiter.throttled?(:project_members_api, scope: user)
=> true

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Nov 04, 2025 by Shubham Kumar