Rate limit on Groups API
DETAILS: Tier: Free, Premium, Ultimate Offering: Self-managed
- Rate limit for groups and projects API introduced in GitLab 17.1. with a flag named
rate_limit_groups_and_projects_api. Disabled by default.
You can configure the per minute rate limit per IP address and per user for requests to the following groups API.
| Limit | Default |
|---|---|
| GET /groups | 200 |
| GET /groups/:id | 400 |
| GET /groups/:id/projects | 600 |
To change the rate limit:
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Network.
- Expand Groups API rate limits.
- Change the value of any rate limit. The rate limits are per minute per user for authenticated requests and per IP address unauthenticated requests.
Set to
0to disable a rate limit. - Select Save changes.
The rate limits:
- Apply per user if the user is authenticated.
- Apply per IP address if the user is unauthenticated.
- Can be set to 0 to disable rate limiting.
- Are behind the
rate_limit_groups_and_projects_api.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 400 for GET /groups/:id, requests to the API endpoint that
exceed a rate of 400 within 1 minutes are blocked. Access to the endpoint is restored after one minutes have elapsed.