Deprecated API rate limits

Introduced in GitLab 14.4.

Deprecated API endpoints are those which have been replaced with alternative functionality, but cannot be removed without breaking backward compatibility. Setting a restrictive rate limit on these endpoints can encourage users to switch to the alternatives.

Deprecated API endpoints

Not all deprecated API endpoints are included in this rate limit - just those that might have a performance impact:

Define Deprecated API rate limits

Rate limits for deprecated API endpoints are disabled by default. When enabled, they supersede the general user and IP rate limits for requests to deprecated endpoints. You can keep any general user and IP rate limits already in place, and increase or decrease the rate limits for deprecated API endpoints. No other new features are provided by this override.

Prerequisites:

  • You must have the Administrator role for your instance.

To override the general user and IP rate limits for requests to deprecated API endpoints:

  1. On the top bar, select Menu > Admin.
  2. On the left sidebar, select Settings > Network.
  3. Expand Deprecated API Rate Limits.
  4. Select the check boxes for the types of rate limits you want to enable:
    • Unauthenticated API request rate limit
    • Authenticated API request rate limit
  5. If you enabled unauthenticated API request rate limits:
    1. Select the Maximum unauthenticated API requests per period per IP.
    2. Select the Unauthenticated API rate limit period in seconds.
  6. If you enabled authenticated API request rate limits:
    1. Select the Maximum authenticated API requests per period per user.
    2. Select the Authenticated API rate limit period in seconds.

Resources