Rate limits on Repository files API
DETAILS: Tier: Free, Premium, Ultimate Offering: Self-managed
- Introduced in GitLab 14.3.
- Generally available in GitLab 14.6. Feature flag
files_api_throttling
removed.
The Repository files API enables you to fetch, create, update, and delete files in your repository. To improve the security and durability of your web application, you can enforce rate limits on this API. Any rate limits you create for the Files API override the general user and IP rate limits.
Define Files API rate limits
Rate limits for the Files API are disabled by default. When enabled, they supersede the general user and IP rate limits for requests to the Repository files API. You can keep any general user and IP rate limits already in place, and increase or decrease the rate limits for the Files API. No other new features are provided by this override.
Prerequisites:
- You must have administrator access to the instance.
To override the general user and IP rate limits for requests to the Repository files API:
- On the left sidebar, at the bottom, select Admin Area.
- Select Settings > Network.
- Expand Files API Rate Limits.
- Select the checkboxes for the types of rate limits you want to enable:
- Unauthenticated API request rate limit
- Authenticated API request rate limit
- If you selected unauthenticated:
- Select the Max unauthenticated API requests per period per IP.
- Select the Unauthenticated API rate limit period in seconds.
- If you selected authenticated:
- Select the Max authenticated API requests per period per user.
- Select the Authenticated API rate limit period in seconds.