Rate limit on Projects API (FREE SELF)
- Introduced in GitLab 15.10 with a flag named
rate_limit_for_unauthenticated_projects_api_access. Disabled by default.
- Enabled on GitLab.com on May 08, 2023.
- Enabled on self-managed in GitLab 16.0 by default.
- Generally available in GitLab 16.0. Feature flag
You can configure the rate limit per IP address for unauthenticated requests to the list all projects API.
To change the rate limit:
- On the left sidebar, select Search or go to.
- Select Admin Area.
- Select Settings > Network.
- Expand Projects API rate limit.
- In the Maximum requests per 10 minutes per IP address text box, enter the new value.
- Select Save changes.
The rate limit:
- Applies per IP address.
- Doesn't apply to authenticated requests.
- Can be set to 0 to disable rate limiting.
The default value of the rate limit is
Requests over the rate limit are logged into the
For example, if you set a limit of 400, unauthenticated requests to the
GET /projects API endpoint that
exceed a rate of 400 within 10 minutes are blocked. Access to the endpoint is restored after ten minutes have elapsed.