Rate limits for API users

AstonJ · 2017 年5 月 24 日 23:58

I want to create a sister app at some point that will post topics on to the forum via an API user account - is there any info available on rate limits for this? Can we ‘trust’ certain accounts so that rate limits do not apply?

fefrei · 2017 年5 月 25 日 14:30

As far as I know, using an API key (generated in the admin interface) bypasses rate limits that are checked within the rails stack, e.g. limits on the number of posts.
It will not bypass the general limit on the number of requests per second enforced by nginx, but most likely, that won’t be a problem

sam · 2017 年5 月 25 日 14:52

You can explicitly bypass validations if you are using the API and API key, the limits in general will hold though.

AstonJ · 2017 年5 月 25 日 17:21

I’m not too bothered by validations Sam, but by-passing rate limits for specific accounts could be helpful.

Does the response include the specific error code if rate limits have been by-passed? That could be helpful if there’s no chance of including an option to by-pass…

sam · 2017 年5 月 25 日 19:49

I kind of worry about answering questions about problems that do not exist

If you hit the limits let me know and let me know what errors you are getting

AstonJ · 2017 年5 月 26 日 01:27

I did actually hit the limit previously - we currently have 6 monthly giveaways and every night a cron runs to check whether there is a ‘bonus day’, if there is, it posts an update on the forum. What I was finding was the crons running later weren’t posting. However I’ve since changed the cron jobs to run a minute after each other. (This is fine for this situation.)

I’ll keep you posted re the other app (which will be posting via the API much more frequently) though I don’t expect this to go live for a few months yet.

frizman21 · 2018 年1 月 3 日 23:44

We use discourse via API from a Rails server. Which means all the traffic coming from one IP. We have enough traffic that it hits the rate limiter. I second the need for an API exception to this rate limit.

codinghorror · 2020 年3 月 13 日 08:31

今天或许可以请你评论一下 @sam —— 自托管用户是否有使用限制？我们是否设有此类限制？鉴于情况已发生变化，我们现在该如何看待这个问题？

sam · 2020 年3 月 16 日 03:56

如今，我们为 API 设置了明确的全局限制，但有时限制会级联生效。

某些控制器会引入特定限制，例如每 N 秒内可创建的主题数量上限等。

对于简单的 GET 请求，您可以大幅提高 API 速率限制，从而避免触及 Discourse 的任何限制。不过，您仍需调整 NGINX 中的一些限制。

AstonJ · 2020 年3 月 16 日 04:04

这会对希望通过其 API 密钥发布新主题或帖子的账户产生什么影响，Sam？

我们可以在哪里进行此设置，Sam？

我目前也在考虑构建一个门户，该门户将使用 discourse_api 宝石（gem）从论坛中拉取大量数据。我是否可能会在此遇到速率限制？我非常希望我们能够绕过那些被标记为“安全”的账户的任何速率限制。

sam · 2020 年3 月 17 日 06:08

建议您在此处阅读我们的速率限制：

github.com/discourse/discourse

config/discourse_defaults.conf

1f34f653b


      
          ### rate limits apply to all sites
          max_user_api_reqs_per_minute = 20
          max_user_api_reqs_per_day = 2880
          
          max_admin_api_reqs_per_key_per_minute = 60
          
          max_reqs_per_ip_per_minute = 200
          max_reqs_per_ip_per_10_seconds = 50
          
          # applies to asset type routes (avatars/css and so on)
          max_asset_reqs_per_ip_per_10_seconds = 200
          
          # global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none
          max_reqs_per_ip_mode = block
          
          # bypass rate limiting any IP resolved as a private IP
          max_reqs_rate_limit_on_private = false

我们应该在 meta 板块中找到关于其他各种限制的文档。

AstonJ · 2020 年3 月 17 日 20:14

谢谢 Sam，为了将来参考（以及任何将来搜索此问题的人），以下是完整详情：

我有关于私有 IP 的问题，但我会在主主题中发布。这个主题现在可以关闭了，因为那个主题更新。

话题		回复	浏览量
Available settings for global rate limits and throttling Self-Hosting reference	4	23205	2025 年11 月 2 日
Increase rate limit for API? Development rest-api	2	1113	2024 年2 月 20 日
How to bypass rate limiter when using an API key? Self-hosting	16	6224	2023 年6 月 4 日
Enable user to Generate API key Feature	5	1599	2018 年5 月 14 日
API rate limits Development rest-api	7	4082	2021 年11 月 8 日

Rate limits for API users

相关话题