Blog Company Rate limitations for unauthorized users of the Projects List API
April 10, 2023
2 min read

Rate limitations for unauthorized users of the Projects List API

Learn details about upcoming changes for unauthenticated users of the Projects List API.

tanukicover.jpg
lohrc-headshot Christina Lohr
productfeaturesnews

Starting on May 22 for self-managed GitLab, and May 8 for GitLab.com, unauthenticated users will be subject to rate limitations when using the Projects List API. This change has been made to ensure the stability and reliability of our platform for all users.

Note: Authorized users are not affected by this change.

What is the the Projects List API?

The Projects List API provides information about GitLab projects, including name, description, and other metadata. This API is widely used by our community, including researchers, developers, and integrators, to retrieve and analyze information about GitLab projects. We value this usage and aim to support it as much as possible.

Rate limitation details

In recent months, we have observed that the frequency and intensity of requests made by unauthenticated, also known as anonymous, users to the Projects List API have increased significantly. This has resulted in an increased load on our servers, which has impacted the performance and stability of our platform for all users. To address this issue, we have decided to introduce rate limitations for unauthenticated users.

As a consequence of this change, unauthenticated users of the Projects List API will be limited to 400 requests per 10 minutes per unique IP address on GitLab.com. If an unauthenticated user exceeds this limit, the user will receive a "429 Too Many Requests" response. On GitLab.com, this limit cannot be changed. Users of self-managed GitLab instances have the same rate limitation set by default, but admins can change the rate limits as they see fit via the UI or the application settings API. They can also set the rate limit to zero, which acts as if there is no rate limitation at all.

We understand that this change may impact some of our users who rely on the Projects List API, and we apologize for any inconvenience this may cause. We encourage users who need to make more than 400 requests per 10 minutes to the Projects List API to sign up for a GitLab account, which provides higher rate limits and other benefits, such as access to additional APIs and integrations.

If you have any questions or concerns about this change, please do not hesitate to leave feedback in this issue.

More to explore

View all blog posts
Company
gitlabflatlogomap.png

Our Privacy Policy has been updated

Company
tanukicover.jpg

Community forks: A new, easier way to contribute to GitLab

Company
innersourcing-improves-collaboration-within-an-organization.jpg

Why we launched GitLab Contributor Days

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert