I use Discourse as a course forum, and have a bunch of scripts that I use to manage the installation through the admin API. I have an API key for an admin user and use that to perform various administrative tasks.
Today I’m trying to disable a bunch of users since we are transitioning between semesters. For each student that has left the class, I first log them out and then suspend them.
Unfortunately I’m having two problems:
1. My requests are hitting some kind of internal rate limit, which it seems like I can’t control. It looks like the logic to bypass rate limiting for admins doesn’t work when you are using API keys.
2. The offending requests are returning 500 errors rather than 429s.
Here’s a snippet of the relevant logs:
Started PUT "/admin/users/926/suspend?api_key=[FILTERED]&api_username=admin" for 192.17.148.54 at 2018-01-11 19:45:18 +0000
RateLimiter::LimitExceeded (RateLimiter::LimitExceeded)
/var/www/discourse/lib/rate_limiter.rb:87:in `performed!'
Ideally this rate limiting (a) wouldn’t be done for admin requests and (b) wouldn’t be returning the wrong error code.
I know—I saw this. But it doesn’t seem to be working. Hence my speculation about the API key not setting up the user properly. But that’s just a guess.
But it will take a bit for it to land cause I need to clean plugin tests.
The particular reason you are getting rate limited is:
If you are self-hosting, you can raise DISCOURSE_MAX_ADMIN_API_REQS_PER_KEY_PER_MINUTE to a higher number. We introduced this limit to protect from unintentional API abuse.
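An added example, not part of the original thread or of Discourse's code: a client-side pacer that keeps a batch script under a per-key, per-minute admin API limit and retries throttled calls. The names `MinuteBudget`, `run_batch` and `send` are hypothetical; `send` is assumed to wrap a request like the PUT shown in the log and return its HTTP status, and the budget of 50 is an assumed value to be set below whatever the server's limit is.

```python
import collections
import time


class MinuteBudget:
    """Sliding window: allow at most `limit` calls in any `window` seconds."""

    def __init__(self, limit, window=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window = limit, window
        self.clock, self.sleep = clock, sleep
        self.sent = collections.deque()  # start times of calls still in the window

    def wait_for_slot(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()  # forget calls that have aged out
        if len(self.sent) >= self.limit:
            # Window is full: sleep until the oldest call leaves it.
            self.sleep(self.window - (now - self.sent[0]))
            now = self.clock()
            self.sent.popleft()
        self.sent.append(now)


def run_batch(user_ids, send, budget, max_retries=3, backoff=30.0):
    """Call send(user_id) -> HTTP status for each id, paced by `budget`.

    429 is the usual throttle status; 500 is retried as well because the
    thread reports RateLimiter::LimitExceeded surfacing as a 500.
    Returns {user_id: last status seen}.
    """
    results = {}
    for uid in user_ids:
        for attempt in range(max_retries + 1):
            budget.wait_for_slot()  # retries count against the budget too
            status = send(uid)
            if status not in (429, 500) or attempt == max_retries:
                break
            budget.sleep(backoff * (attempt + 1))  # linear backoff
        results[uid] = status
    return results


if __name__ == "__main__":
    # Constructed stub standing in for the real PUT; always succeeds.
    budget = MinuteBudget(limit=50)  # assumed value, keep below the server's limit
    print(run_batch([926, 927], lambda uid: 200, budget))
```

Any id whose final status is still 429 or 500 after the retries should be logged and re-run later rather than assumed suspended.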