Page MenuHomePhabricator
Create Task
Maniphest T253887

[API Gateway] Administrator limits number of client IDs per Client Developer
Open, Needs TriagePublic
Actions

Description

"As an Administrator, I want to limit the number of client IDs that each Client Developer can register, to prevent misuse of the authentication system."

A typical form of misuse would be registering multiple client IDs for the same app to get around API rate limits. Another form would be overloading the client ID approval process.

@BPirkle checked the database and found a max number of client IDs per developer account at 56. We think 100 client IDs should cover legitimate needs for most developers, but this should probably be configurable by a user right.

Related Objects
Search...

Event Timeline

eprodromou created this task.May 28 2020, 3:38 PM
eprodromou edited parent tasks, added: T255032: Wikimedia API Gateway Public Launch; removed: T246266: Wikimedia API Gateway keys.Jun 10 2020, 3:47 PM

This is an important user story for public launch, and we probably shouldn't go public without it.

eprodromou edited parent tasks, added: T255034: Wikimedia API Gateway Long-term Use; removed: T255032: Wikimedia API Gateway Public Launch.Jul 23 2020, 2:50 PM
eprodromou edited projects, added Platform Team Workboards (User Stories); removed Platform Team Workboards (Green).Jul 29 2020, 2:09 PM
Aklapper removed eprodromou as the assignee of this task.Apr 1 2021, 5:51 AM
Aklapper renamed this task from Administrator limits number of client IDs per Client Developer to [API Gateway] Administrator limits number of client IDs per Client Developer.Apr 1 2024, 8:10 AM
Aklapper removed a subscriber: eprodromou.
Aklapper added a project: serviceops-deprecated.Apr 1 2024, 8:15 AM

As API Gateway is nowadays owned by ServiceOps new, adding the ServiceOps new project tag to open API Gateway tasks tagged with the deprecated/archived "Platform Team Initiatives (API Gateway)" tag at https://phabricator.wikimedia.org/project/profile/4321/, as part of Phabricator Housekeeping.

jijiki moved this task from Incoming 🐫 to API Gateway 🥌 on the serviceops-deprecated board.Mar 10 2025, 12:35 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits