Page MenuHomePhabricator

[INVESTIGATE] Understand current rate limitting of Mediawiki/Wikibase Action API
Closed, ResolvedPublic


Example questions to cover:

  • What is the rate limiting mechanism in Mediawiki (Action API): e.g. is there different treating of logged in and anonymous clients, does the client being a "bot" user influence a rate limits allowance

Event Timeline

Silvan_WMDE renamed this task from Understand current rate limitting of Mediawiki/Wikibase Action API to [INVESTIGATE] Understand current rate limitting of Mediawiki/Wikibase Action API.Sep 27 2022, 12:33 PM

Depends on config, but ip or user or user groups are possible

Not sure if REST has other ways to limit requests, but the normal rate limit in rest is only used for stashbasehtml

I'm not sure there is much to be investigated here. Useful links have been shared in the comment above (thanks!), and the answer to both questions in the description is "yes", in short.

Here is the relevant bit of production config:
Here is the bit that adds the noratelimit right to bots:

It turns out I failed to read the second link in my comment above. Bots clearly do *not* have the noratelimit right. They do have apihighlimits though, which can be seen in the list here:

apihighlimits is used to limit the result size of read actions on the api (per action/request), whereas noratelimit is used to limit/throttle the number of write actions in a time period through api and index/gui. The is no different limits for read actions on index.php depending on user rights.

While sysops/admins are not limit on write actions, they are still limitted on api reads the same ways as bots, but with higher limit as other users.
While bots are no-ratelimited on most wmf wikis, that is not true for wikidata (that is what is linked on the second link)