
[API Gateway] Change how client credentials are handled in the rate limiter
Open, Needs Triage, Public

Description

In T246270, we set the base rate limit per hour for API calls with a client ID to 5000 calls per user, "including null (no user)".

This means that for client credentials use, we're spreading an app's usage across maybe hundreds or thousands of devices. This is a disincentive to use client IDs, since the per-IP limit is higher.

We should change this to 5000 API calls per client ID/null/IP address, so that anonymous users with identified apps have the same rate limit as logged-in users.
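The difference between the two bucket keys described above, as an added example that is not part of the task or the API Gateway's own code. It assumes a simple fixed one-hour window; `HourlyLimiter`, `current_key`, `proposed_key`, `rejected_calls`, the `app-1` client ID and the IP addresses are hypothetical names and constructed sample values.

```python
from collections import defaultdict

LIMIT_PER_HOUR = 5000  # base limit stated in the task


def current_key(client_id, user, ip):
    # Current behaviour per the task: one bucket per (client ID, user), where
    # user may be None, so every anonymous device of an app shares one bucket.
    return (client_id, user)


def proposed_key(client_id, user, ip):
    # Proposed behaviour: anonymous calls are bucketed per client ID/null/IP,
    # logged-in calls stay bucketed per (client ID, user).
    return (client_id, user) if user is not None else (client_id, None, ip)


class HourlyLimiter:
    """Fixed-window counter (an assumption; the real algorithm is not on the page)."""

    def __init__(self, key_fn, limit=LIMIT_PER_HOUR):
        self.key_fn = key_fn
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, client_id, user, ip, now):
        window = int(now // 3600)  # index of the current one-hour window
        key = (self.key_fn(client_id, user, ip), window)
        if self.counts[key] >= self.limit:
            return False
        self.counts[key] += 1
        return True


def rejected_calls(key_fn, devices, calls_per_device):
    # Simulate anonymous (client credentials) traffic from many devices of one
    # app within the same hour and count how many calls are refused.
    limiter = HourlyLimiter(key_fn)
    rejected = 0
    for d in range(devices):
        ip = f"198.51.100.{d}"  # constructed documentation-range addresses
        for _ in range(calls_per_device):
            if not limiter.allow("app-1", None, ip, now=0):
                rejected += 1
    return rejected
```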

Event Timeline

Aklapper renamed this task from Change how client credentials are handled in the rate limiter to [API Gateway] Change how client credentials are handled in the rate limiter. (Mon, Apr 1, 8:09 AM)

As API Gateway is nowadays owned by serviceops, adding the serviceops project tag to open API Gateway tasks tagged with the deprecated/archived "Platform Team Initiatives (API Gateway)" tag at https://phabricator.wikimedia.org/project/profile/4321/, as part of Phabricator Housekeeping.