Rate limits on Projects API
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
Configure Projects API rate limits
Version history
-
Generally available in GitLab 16.0. Feature flag
rate_limit_for_unauthenticated_projects_api_accessremoved. -
Introduced rate limit for the group and projects API in GitLab 17.1 with a flag named
rate_limit_groups_and_projects_api. Disabled by default. -
Generally available in GitLab 18.1. Feature flag
rate_limit_groups_and_projects_apiremoved.
Configure the rate limit for each IP address and user for requests to the following Projects API endpoints:
| Limit | Default | Interval |
|---|---|---|
GET /projects (unauthenticated requests) |
400 | 10 minutes |
GET /projects (authenticated requests) |
2000 | 10 minutes |
GET /projects/:id |
400 | 1 minute |
GET /users/:user_id/projects |
300 | 1 minute |
GET /users/:user_id/contributed_projects |
100 | 1 minute |
GET /users/:user_id/starred_projects |
100 | 1 minute |
To change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Projects API rate limits.
- Change the value of a rate limit, or set a rate limit to
0to disable it. - Select Save changes.
The rate limits:
- Apply to each authenticated user. If requests are not authenticated, rate limits apply to the IP address.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 400 for GET /projects/:id, requests to the API endpoint that
exceed a rate of 400 requests per minute are blocked. Access to the endpoint is restored after one minute.
For more information about project API endpoints, see the projects API.
Configure rate limits on deleting project members
Version history
- Introduced in GitLab 16.9.
Configure the rate limit for each project and user for requests to the delete members endpoint.
To change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Members API rate limit.
- In the Maximum requests per minute per group / project text box, enter a value.
- Select Save changes.
The rate limit:
- Defaults to 60 requests every minute
- Applies for each project and user.
- Can be set to 0 to disable the rate limit.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per minute are blocked. Access to the endpoint resumes after one minute.
Configure rate limits on listing project members
Version history
- Introduced in GitLab 18.6.
Configure the rate limit for requests to the list project members endpoint.
To change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Projects API.
- In the Maximum requests to the GET /projects/:id/members/all API per minute per user or IP address text box, enter a value.
- Select Save changes.
The rate limit:
- Defaults to 200 requests every minute.
- Applies to each project and user.
- Can be set to 0 to disable rate limits.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 200, requests to the API endpoint that exceed a rate of 200 requests per minute are blocked. Access to the endpoint resumes after one minute.