Rate limits on Groups API
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
Configure Groups API rate limits
Version history
-
Introduced rate limit for groups and projects API in GitLab 17.1 with a flag named
rate_limit_groups_and_projects_api. Disabled by default. -
Generally available in GitLab 18.1. Feature flag
rate_limit_groups_and_projects_apiremoved.
Configure the rate limit for each IP address and user for requests to the following Groups API endpoints:
| Limit | Default | Interval |
|---|---|---|
GET /groups |
200 | 1 minute |
GET /groups/:id |
400 | 1 minute |
GET /groups/:id/groups/shared |
0 | 1 minute |
GET /groups/:id/invited_groups |
60 | 1 minute |
GET /groups/:id/projects |
600 | 1 minute |
POST /groups/:id/archive |
60 | 1 minute |
To change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Groups API rate limits.
- Change the value of any rate limit, or set a rate limit to
0to disable it. - Select Save changes.
The rate limits:
- Apply to each authenticated user. If requests are not authenticated, rate limits apply to the IP address.
- Can be set to 0 to disable rate limiting.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 400 for GET /groups/:id, requests to the API endpoint that
exceed a rate of 400 per minute are blocked. Access to the endpoint is restored after one minute.
Rate limit on listing group members
Version history
- Introduced in GitLab 18.6.
A non-configurable rate limit is set on the list all group members API endpoint.
The rate limit:
- Defaults to 200 requests every minute.
- Applies for each group and user.
Requests over the rate limit are logged into the auth.log file.
For example, requests to the API endpoint that exceed a rate of 200 requests per minute are blocked. Access to the endpoint resumes after one minute.
Configure rate limits on group archiving and unarchiving
- Status: Experiment
Version history
-
Introduced in GitLab 18.0 with a flag named
archive_group. Disabled by default.
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.
Configure a rate limit on requests to the following group archiving endpoints:
POST /groups/:id/archive
POST /groups/:id/unarchiveTo change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Groups API.
- In the Maximum requests to the POST /groups/:id/archive and POST /groups/:id/unarchive API per minute per user or IP address text box, enter a value.
- Select Save changes.
The rate limit:
- Defaults to 60 requests every minute
- Apply to each authenticated user. If requests are not authenticated, rate limits apply to the IP address.
- Can be set to 0 to disable rate limits
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per minute are blocked. Access to the endpoint resumes after one minute.
For more information on group archiving endpoints, see Archive a group.
Configure rate limits on deleting group members
Version history
- Introduced in GitLab 16.9.
Configure the rate limit for each group and user for requests to the delete members endpoint.
To change the rate limit:
- In the upper-right corner, select Admin.
- Select Settings > Network.
- Expand Members API rate limit.
- In the Maximum requests per minute per group / project text box, enter a value.
- Select Save changes.
The rate limit:
- Defaults to 60 requests every minute.
- Applies for each group and user.
- Can be set to 0 to disable the rate limit.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 60, requests to the API endpoint that exceed a rate of 60 requests per a minute are blocked. Access to the endpoint is restored after one minute.