Rate limits on Groups API

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed, GitLab Dedicated

Configure Groups API rate limits

Configure the rate limit for each IP address and user for requests to the following Groups API endpoints:

Limit                              Default   Interval
GET /groups                        200       1 minute
GET /groups/:id                    400       1 minute
GET /groups/:id/groups/shared      0         1 minute
GET /groups/:id/invited_groups     60        1 minute
GET /groups/:id/projects           600       1 minute
POST /groups/:id/archive           60        1 minute

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Groups API rate limits.
  4. Change the value of any rate limit, or set a rate limit to 0 to disable it.
  5. Select Save changes.

The rate limits:

  • Apply to each authenticated user. If requests are not authenticated, rate limits apply to the IP address.
  • Can be set to 0 to disable rate limiting.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 400 for GET /groups/:id, requests to the API endpoint that exceed a rate of 400 per minute are blocked. Access to the endpoint is restored after one minute.
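The following Python model is an added illustration of the behavior described above, not GitLab's implementation. It assumes a fixed one-minute window that starts at the first counted request; the class, method, and field names are hypothetical, and the IP addresses and user names in any call are constructed sample values.

```python
import time

WINDOW_SECONDS = 60  # every limit in the table uses a one-minute interval

# Defaults copied from the table above; 0 disables a limit.
DEFAULT_LIMITS = {
    ("GET", "/groups"): 200,
    ("GET", "/groups/:id"): 400,
    ("GET", "/groups/:id/groups/shared"): 0,
    ("GET", "/groups/:id/invited_groups"): 60,
    ("GET", "/groups/:id/projects"): 600,
    ("POST", "/groups/:id/archive"): 60,
}


class GroupsApiLimiter:
    """Toy model of the documented behaviour (hypothetical, not GitLab code)."""

    def __init__(self, limits=None):
        self.limits = dict(DEFAULT_LIMITS if limits is None else limits)
        self.windows = {}  # (method, route, scope) -> [window_start, count]
        self.blocked = []  # stand-in for the entries written to auth.log

    def allow(self, method, route, ip, user=None, now=None):
        now = time.monotonic() if now is None else now
        limit = self.limits.get((method, route), 0)
        if limit == 0:  # 0 means rate limiting is disabled for this endpoint
            return True
        # Authenticated requests are counted per user, the rest per IP address.
        scope = ("user", user) if user is not None else ("ip", ip)
        key = (method, route, scope)
        window = self.windows.get(key)
        if window is None or now - window[0] >= WINDOW_SECONDS:
            window = self.windows[key] = [now, 0]  # assumed fixed window
        window[1] += 1
        if window[1] > limit:
            # Requests over the limit are blocked and recorded.
            self.blocked.append({"route": route, "scope": scope, "at": now})
            return False
        return True
```

Because the counter is keyed by user for authenticated requests, one user exhausting a limit does not block another user behind the same IP address, while unauthenticated clients sharing an address share one counter.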

Rate limit on listing group members

A non-configurable rate limit is set on the list all group members API endpoint.

The rate limit:

  • Defaults to 200 requests every minute.
  • Applies for each group and user.

Requests over the rate limit are logged into the auth.log file.

For example, requests to the API endpoint that exceed a rate of 200 requests per minute are blocked. Access to the endpoint resumes after one minute.

Configure rate limits on group archiving and unarchiving

  • Status: Experiment

The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.

Configure a rate limit on requests to the following group archiving endpoints:

POST /groups/:id/archive
POST /groups/:id/unarchive

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Groups API.
  4. In the Maximum requests to the POST /groups/:id/archive and POST /groups/:id/unarchive API per minute per user or IP address text box, enter a value.
  5. Select Save changes.

The rate limit:

  • Defaults to 60 requests every minute.
  • Applies to each authenticated user. If requests are not authenticated, the rate limit applies to the IP address.
  • Can be set to 0 to disable the rate limit.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per minute are blocked. Access to the endpoint resumes after one minute.

For more information on group archiving endpoints, see Archive a group.

Configure rate limits on deleting group members

Configure the rate limit for each group and user for requests to the delete members endpoint.

To change the rate limit:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Settings > Network.
  3. Expand Members API rate limit.
  4. In the Maximum requests per minute per group / project text box, enter a value.
  5. Select Save changes.

The rate limit:

  • Defaults to 60 requests every minute.
  • Applies for each group and user.
  • Can be set to 0 to disable the rate limit.

Requests over the rate limit are logged into the auth.log file.

For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per minute are blocked. Access to the endpoint is restored after one minute.