Rate limits on Users API (FREE SELF)
Introduced in GitLab 14.8.
You can configure the per user rate limit for requests to Users API.
To change the rate limit:
- On the top bar, select Menu > Admin.
- On the left sidebar, select Settings > Network.
- Expand Users API rate limit.
- In the Maximum requests per 10 minutes text box, enter the new value.
- Optional. In the Users to exclude from the rate limit box, list users allowed to exceed the limit.
- Select Save changes.
This limit is:
- Applied independently per user.
- Not applied per IP address.
The default value is 300
.
Requests over the rate limit are logged into the auth.log
file.
For example, if you set a limit of 300, requests to the GET /users/:id
API endpoint
exceeding a rate of 300 per 10 minutes are blocked. Access to the endpoint is allowed after ten minutes have elapsed.