Rate limits on Projects API

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated

Configure Projects API rate limits

Configure the rate limit for each IP address and user for requests to the following Projects API endpoints:

LimitDefaultInterval
GET /projects (unauthenticated requests)40010 minutes
GET /projects (authenticated requests)200010 minutes
GET /projects/:id4001 minute
GET /users/:user_id/projects3001 minute
GET /users/:user_id/contributed_projects1001 minute
GET /users/:user_id/starred_projects1001 minute

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Projects API rate limits.
  4. Change the value of a rate limit, or set a rate limit to 0 to disable it.
  5. Select Save changes.

The rate limits:

  • Apply to each authenticated user. If requests are not authenticated, rate limits apply to the IP address.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 400 for GET /projects/:id, requests to the API endpoint that exceed a rate of 400 requests per minute are blocked. Access to the endpoint is restored after one minute.

For more information about project API endpoints, see the projects API.

Configure rate limits on deleting project members

Configure the rate limit for each project and user for requests to the delete members endpoint.

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Members API rate limit.
  4. In the Maximum requests per minute per group / project text box, enter a value.
  5. Select Save changes.

The rate limit:

  • Defaults to 60 requests every minute
  • Applies for each project and user.
  • Can be set to 0 to disable the rate limit.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per minute are blocked. Access to the endpoint resumes after one minute.

Configure rate limits on listing project members

Configure the rate limit for requests to the list project members endpoint.

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Projects API.
  4. In the Maximum requests to the GET /projects/:id/members/all API per minute per user or IP address text box, enter a value.
  5. Select Save changes.

The rate limit:

  • Defaults to 200 requests every minute.
  • Applies to each project and user.
  • Can be set to 0 to disable rate limits.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 200, requests to the API endpoint that exceed a rate of 200 requests per minute are blocked. Access to the endpoint resumes after one minute.