In T337635: Create API endpoint for receiving report data, we are defining an API endpoint for receiving data that a logged-in user submits via a form.
We will want to provide some rate limits for this API endpoint, to reduce a malicious user's capability for abuse.
We can set separate rate limits for non-autoconfirmed users (new user accounts) and longer-standing user accounts.
One proposal:
- limit submissions to 1 per 24-hour period for non-autoconfirmed users
- limit submissions to 5 per 24-hour period for autoconfirmed users
After we decide on the rate limits, we'll clarify the design and implementation of the user-facing message shown when a user trips the rate limit, in T338804: [S] Inform the user about the success or failure of submitting a report.
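The proposed limits expressed as a sliding 24-hour window per user, as an added example that is not code from the task or the project. The class name, tier labels and in-memory store are assumptions; the returned retry time is what a user-facing message could report.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60
# Limits from the proposal above; the tier labels are chosen for this example.
LIMITS = {"non-autoconfirmed": 1, "autoconfirmed": 5}


class ReportRateLimiter:
    """Sliding-window limiter keyed by user ID (hypothetical, in-memory, single process)."""

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS, clock=time.time):
        self.limits = limits
        self.window = window
        self.clock = clock
        self._accepted = defaultdict(deque)  # user_id -> times of accepted submissions

    def check(self, user_id, tier):
        """Return (allowed, retry_after_seconds); a hit is recorded only if allowed."""
        limit = self.limits[tier]  # unknown tier raises KeyError: fail closed
        now = self.clock()
        hits = self._accepted[user_id]
        # Drop submissions that have aged out of the 24-hour window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= limit:
            # The submission that must expire before the count drops below the limit.
            blocking = hits[len(hits) - limit]
            return False, blocking + self.window - now
        # Rejected attempts are never stored, so retrying cannot extend the lockout.
        hits.append(now)
        return True, 0.0


if __name__ == "__main__":
    fake_now = [0.0]  # constructed clock so the demo runs instantly
    limiter = ReportRateLimiter(clock=lambda: fake_now[0])
    print(limiter.check("user-1", "non-autoconfirmed"))  # first report accepted
    fake_now[0] = 3600.0
    print(limiter.check("user-1", "non-autoconfirmed"))  # second report rejected
    # History is keyed by user, so it carries over when the account's tier changes.
    print(limiter.check("user-1", "autoconfirmed"))
```
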