Package registry rate limits

Tier: Free, Premium, Ultimate Offering: Self-managed

With the GitLab package registry, you can use GitLab as a private or public registry for a variety of common package managers. You can publish and share packages, which others can consume as a dependency in downstream projects through the Packages API.

If downstream projects frequently download such dependencies, many requests are made through the Packages API. You may therefore reach enforced user and IP rate limits. To address this issue, you can define specific rate limits for the Packages API:

These limits are disabled by default.

When enabled, they supersede the general user and IP rate limits for requests to the Packages API. You can therefore keep the general user and IP rate limits, and increase the rate limits for the Packages API. Besides this precedence, there is no difference in functionality compared to the general user and IP rate limits.

Enable unauthenticated request rate limit for packages API

To enable the unauthenticated request rate limit:

  1. On the left sidebar, at the bottom, select Admin Area.
  2. Select Settings > Network.
  3. Expand Package registry rate limits.
  4. Select Enable unauthenticated request rate limit.

    • Optional. Update the Maximum unauthenticated requests per rate limit period per IP value. Defaults to 800.
    • Optional. Update the Unauthenticated rate limit period in seconds value. Defaults to 15.

Enable authenticated API request rate limit for packages API

To enable the authenticated API request rate limit:

  1. On the left sidebar, at the bottom, select Admin Area.
  2. Select Settings > Network
  3. Expand Package registry rate limits.
  4. Select Enable authenticated API request rate limit.

    • Optional. Update the Maximum authenticated API requests per rate limit period per user value. Defaults to 1000.
    • Optional. Update the Authenticated API rate limit period in seconds value. Defaults to 15.