define rate limits for anonymous access to the API
Closed, MigratedEdits Locked
Actions

Assigned To

Authored By

	zack
	Jan 30 2017, 2:05 PM

Description

We need to define which rate limits we want to apply, given the current infrastructure we have, for anonymous access to the API.

Status	Assigned	Task
Migrated	gitlab-migration	T614 Open up the Software Heritage API to the world
Migrated	gitlab-migration	T616 rate limiting for anonymous access to the API
Migrated	gitlab-migration	T651 define rate limits for anonymous access to the API
Migrated	gitlab-migration	T652 estimate max load we can withstand for anonymous access to the API
Migrated	gitlab-migration	T615 set up pg_logical-based master/slave replication for the postgres db

zack moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

zack moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

The rate limits have been (way) increased for the load testing to have any chance of giving meaningful results.

We _need_ to lower them before release !

Based on the results of T652, we will use the following rate limits:

global limit: 250'000 requests/hour (= 70 req/sec * 60 * 60)
hourly limit: 120 requests/hour (global limit divided by 2000 hypothetical simultaneous users)
burst control: 2 requests/second