Deprecated API rate limits

• Tier: Free, Premium, Ultimate
• Offering: GitLab Self-Managed, GitLab Dedicated

Deprecated API endpoints have been replaced with alternative features, but they can't be removed without breaking backward compatibility. To encourage users to switch to the alternative, set a restrictive rate limit on deprecated endpoints.

Deprecated API endpoints

This rate limit does not include all deprecated API endpoints, just the ones that are likely to affect performance:

• GET /groups/:id without the with_projects=0 query parameter.

Define deprecated API rate limits

Rate limits for deprecated API endpoints are disabled by default. When enabled, they supersede the general user and IP rate limits for requests to deprecated endpoints. You can keep any general user and IP rate limits already in place, and increase or decrease the rate limits for deprecated API endpoints. No other new features are provided by this override.

Prerequisites:

• You must have administrator access to the instance.

To override the general user and IP rate limits for requests to deprecated API endpoints:

1. On the left sidebar, at the bottom, select Admin.
2. Select Settings > Network.
3. Expand Deprecated API Rate Limits.
4. Select the checkboxes for the types of rate limits you want to enable:
   • Unauthenticated API request rate limit
   • Authenticated API request rate limit
5. If you selected unauthenticated:
   1. Select the Maximum unauthenticated API requests per period per IP.
   2. Select the Unauthenticated API rate limit period in seconds.
6. If you selected authenticated:
   1. Select the Maximum authenticated API requests per period per user.
   2. Select the Authenticated API rate limit period in seconds.

Related topics

• Rate limits
• User and IP rate limits