Increase api daily limit


(Jong Eun Lee) #1

I’m trying to migrate data from bbpress to discourse using api.

When request, I got a message below:
“We have a daily limit on how many times that action can be taken. Please wait 23 hours before trying again.”

How can I increase or disable api’s daily limit?

Best R,
Jong.


Single sign-on with self-hosted Wordpress install
(Kane York) #2

Migration is probably better suited for implementation as a bundle exec “goal” (or whatever it’s called, I’m not familiar with the terms). That way, it gets direct access to the UserCreator and PostCreator.


(Sam Saffron) #3

I agree the API should have a bypass mode. We already have skip_validations we should probably also have a skip_throttles.


(Erlend Sogge Heggen) #4

psst! I’d love to hear more about that once you’ve got some experiences to share from.


(Curtis Herbert) #5

Ditto! I’m about to undertake a similar project (ditching bbPress while keeping Wordpress for the rest of the site). If you can share code please do, I’d love to avoid duplicating the work of migrating previous topics/threads that you’re probably doing.


(Erlend Sogge Heggen) #6

We just hit this limit whilst trying to do a DokuWiki integration:

What’s the recommended way of increasing/bypassing this limit?


(pctr) #7

I’m also getting the same error:

{u’error_type’: u’rate_limit’, u’errors’: [u’We have a daily limit on how many times that action can be taken. Please wait 14 minutes before trying again.’]}

Is there any way to increase or remove the limit?


(Matt Palmer) #8

Based on a quick grovel through the code, operations performed as a staff user don’t get rate-limited, so that’s an option. Otherwise, you can set site settings named rate_limit_create_<model> to some astonishingly huge value. Unfortunately, I can’t see an easy way to determine which type of data type creation limit you’re bumping up against, but rate_limit_create_topic and rate_limit_create_post would probably be the best ones to start with.


(pctr) #9

I’ve created a Python wrapper over the login process, using the REST interface (post to /session). I notice I get the error sometimes when a user fails to log in. In some cases I also get the error with valid userid/passwords.


(Kane York) #10

Oh, so you’re hitting the per-IP login rate limiting. Which is applied before the username/password are inspected, because online password guessing attacks. A thousand guesses a second? screw that noise, you only get 30 tries per hour.


  def create

    unless allow_local_auth?
      render nothing: true, status: 500
      return
    end

    RateLimiter.new(nil, "login-hr-#{request.remote_ip}", 30, 1.hour).performed!
    RateLimiter.new(nil, "login-min-#{request.remote_ip}", 6, 1.minute).performed!

    params.require(:login)
    params.require(:password)

    return invalid_credentials if params[:password].length > User.max_password_length

    login = params[:login].strip
    login = login[1..-1] if login[0] == "@"


    if user = User.find_by_username_or_email(login)

You’re probably going to need to redesign your wrapper.


(pctr) #11

Good to know this limit is in place. I was purposely trying login failures to test the wrapper.
Thanks.