Rate limits for API users

I want to create a sister app at some point that will post topics on to the forum via an API user account - is there any info available on rate limits for this? Can we ‘trust’ certain accounts so that rate limits do not apply?

1 Like

As far as I know, using an API key (generated in the admin interface) bypasses rate limits that are checked within the rails stack, e.g. limits on the number of posts.
It will not bypass the general limit on the number of requests per second enforced by nginx, but most likely, that won’t be a problem :slight_smile:


You can explicitly bypass validations if you are using the API and API key, the limits in general will hold though.


I’m not too bothered by validations Sam, but by-passing rate limits for specific accounts could be helpful.

Does the response include the specific error code if rate limits have been by-passed? That could be helpful if there’s no chance of including an option to by-pass…

I kind of worry about answering questions about problems that do not exist :blush:

If you hit the limits let me know and let me know what errors you are getting

1 Like

I did actually hit the limit previously - we currently have 6 monthly giveaways and every night a cron runs to check whether there is a ‘bonus day’, if there is, it posts an update on the forum. What I was finding was the crons running later weren’t posting. However I’ve since changed the cron jobs to run a minute after each other. (This is fine for this situation.)

I’ll keep you posted re the other app (which will be posting via the API much more frequently) though I don’t expect this to go live for a few months yet.

We use discourse via API from a Rails server. Which means all the traffic coming from one IP. We have enough traffic that it hits the rate limiter. I second the need for an API exception to this rate limit.

1 Like

This might be a good one for you to comment on today @sam – are there limits for self hosters? do we have limits? how do we think about this now, since it has changed…

These days we have explicit global limits for API, however sometimes limits cascade.

Certain controllers introduce limits, like maximum number of topics you can create per N seconds and so on.

For trivial get requests you could lift the api rate limit way up and not hit any limits from Discourse. There are still some limits in NGINX you would have to tweak.

1 Like

How would that impact an account wanting to post new topics or posts via its API Key Sam?

Where can we do this Sam?

I also am currently considering making a portal that will use the discourse_api gem to pull in a lot of data from the forum, am I likely to hit rate limits here? I would love for us to be able to by-pass any rate limits for accounts that we have marked as ‘safe’.

I recommend reading through our rate limits here:


We should have documentation for various other limits floating around meta.


Thanks Sam, so for future reference (and anyone else searching for this in future) here are the full details:

I have a question about private IPs but I’ll post in the main topic. This one can probably be closed at this point as that other topic is newer.