I use Discourse as a course forum, and have a bunch of scripts that I use to manage the installation through the admin API. I have an API key for an admin user and use that to perform various administrative tasks.
Today I’m trying to disable a bunch of users since we are transitioning between semesters. For each student that has left the class, I first log them out and then suspend them.
Unfortunately I’m having two problems:
- My requests are hitting some kind of internal rate limit, which it seems like I can’t control. It looks like the logic to bypass rate limiting for admins doesn’t work when you are using API keys.
- The offending requests are returning 500 errors rather than 429s.
Here’s a snippet of the relevant logs:
Started PUT "/admin/users/926/suspend?api_key=[FILTERED]&api_username=admin" for 18.104.22.168 at 2018-01-11 19:45:18 +0000 RateLimiter::LimitExceeded (RateLimiter::LimitExceeded) /var/www/discourse/lib/rate_limiter.rb:87:in `performed!'
Ideally this rate limiting (a) wouldn’t be done for admin requests and (b) wouldn’t be returning the wrong error code.