Rate limit on Groups API
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
Version history
- Rate limit for groups and projects API introduced in GitLab 17.1. with a flag named rate_limit_groups_and_projects_api. Disabled by default.
- 
Generally available in GitLab 18.1. Feature flag rate_limit_groups_and_projects_apiremoved.
You can configure the per minute rate limit per IP address and per user for requests to the following groups API.
| Limit | Default | 
|---|---|
| GET /groups | 200 | 
| GET /groups/:id | 400 | 
| GET /groups/:id/projects | 600 | 
To change the rate limit:
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Network.
- Expand Groups API rate limits.
- Change the value of any rate limit. The rate limits are per minute per user for authenticated requests and per IP address unauthenticated requests.
Set to 0to disable a rate limit.
- Select Save changes.
The rate limits:
- Apply per user if the user is authenticated.
- Apply per IP address if the user is unauthenticated.
- Can be set to 0 to disable rate limiting.
Requests over the rate limit are logged into the auth.log file.
For example, if you set a limit of 400 for GET /groups/:id, requests to the API endpoint that
exceed a rate of 400 within 1 minutes are blocked. Access to the endpoint is restored after one minutes have elapsed.