⏳ [Create error] Too many requests
Closed, ResolvedPublic5 Estimated Story Points
Actions

Assigned To

Authored By

	Ifrahkhanyaree_WMDE
	Jun 4 2024, 1:10 PM

Description

Acceptance criteria:

User behaviour it should apply to: Rate limited edits and Temp user creation throttling
HTTP status code: 429
Error code: request-limit-reached
Error message: Exceeded the limit of actions that can be performed in a given span of time
Error context: { "reason": "{reason-code}" } (where reason-code is one of 'rate-limit-reached', 'temp-account-creation-limit-reached')

OLDER
Corresponding action API responses
Rate limiting:

{
    "error": {
        "code": "failed-save",
        "info": "The save has failed.",
        "messages": [
            {
                "name": "wikibase-api-failed-save",
                "parameters": [],
                "html": {
                    "*": "The save has failed."
                }
            },
            {
                "name": "actionthrottledtext",
                "parameters": [],
                "html": {
                    "*": "As an anti-abuse measure, you are limited from performing this action too many times in a short space of time, and you have exceeded this limit.\nPlease try again in a few minutes."
                }
            }
        ],
        "*": "See http://default.mediawiki.mwdd.localhost:8080/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes."
    },
    "servedby": "2ccec9f2adab"
}

Temp user creation throttling:

{
    "error": {
        "code": "failed-save",
        "info": "The save has failed.",
        "messages": [
            {
                "name": "wikibase-api-failed-save",
                "parameters": [],
                "html": "The save has failed."
            },
            {
                "name": "acct_creation_throttle_hit",
                "parameters": [
                    3,
                    {
                        "duration": 10000
                    }
                ],
                "html": "Visitors to this wiki using your IP address have created 3 accounts in the last 2 hours, 46 minutes and 40 seconds, which is the maximum allowed in this time period.\nAs a result, visitors using this IP address cannot create any more accounts at the moment."
            }
        ],
        "docref": "See http://default.mediawiki.mwdd.localhost:8080/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes."
    },
    "servedby": "2ccec9f2adab"
}

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	REST: Add 429 response to OAS for edit routes	mediawiki/extensions/Wikibase	master	+186 -0

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	Ifrahkhanyaree_WMDE	T366594 ⏳ [Create error] Too many requests
Resolved	• Muhammad_Yasser_Jazirahly_WMDE	T374970 ⏳ Too many temp users error
Resolved	Jakob_WMDE	T374971 ⏳ Too many requests (rate limiting)
Resolved	Silvan_WMDE	T375327 ⏳ Add 429 HTTP status code to openapi-validation test
Open	None	T376147 Retry-After header for "429 Too Many Requests" responses

Event Timeline

Ifrahkhanyaree_WMDE created this task.Jun 4 2024, 1:10 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 4 2024, 1:10 PM

WMDE-leszek updated the task description. (Show Details)Jun 19 2024, 12:57 PM

WMDE-leszek updated the task description. (Show Details)Jun 19 2024, 1:00 PM

WMDE-leszek moved this task from Backlog to Polished on the Wikibase Reuse Team board.

Ollie.Shotton_WMDE mentioned this in T368398: [MAIN] REST API v1 CHECKLIST.Jun 26 2024, 5:13 PM

Ifrahkhanyaree_WMDE renamed this task from [Generalised error] Too many requests to [Create error] Too many requests .Jul 4 2024, 10:27 AM

Ollie.Shotton_WMDE updated the task description. (Show Details)Jul 10 2024, 10:44 AM

Ifrahkhanyaree_WMDE added a parent task: T368398: [MAIN] REST API v1 CHECKLIST.Jul 17 2024, 9:56 AM

Ifrahkhanyaree_WMDE removed a parent task: T368398: [MAIN] REST API v1 CHECKLIST.Jul 18 2024, 9:53 AM

Ifrahkhanyaree_WMDE set the point value for this task to 5.Jul 22 2024, 10:10 AM

Ifrahkhanyaree_WMDE moved this task from Polished to Ready for planning on the Wikibase Reuse Team board.

Ifrahkhanyaree_WMDE moved this task from Backlog to Errors on the Wikibase REST API (WPP) board.Jul 26 2024, 2:55 PM

Ifrahkhanyaree_WMDE moved this task from Errors to Next on the Wikibase REST API (WPP) board.Aug 22 2024, 12:01 PM

• JayCano added a project: Temporary accounts.Sep 12 2024, 1:14 PM

kostajh moved this task from Inbox to Backlog on the Temporary accounts board.Sep 13 2024, 10:44 AM

Ifrahkhanyaree_WMDE moved this task from Ready for planning to Sprint 29 on the Wikibase Reuse Team board.Sep 17 2024, 9:43 AM

Ifrahkhanyaree_WMDE edited projects, added Wikibase Reuse Team (Sprint 29); removed Wikibase Reuse Team.

We think these should be two different errors:

too many edit requests
too many temp user requests

The latter can be avoided by changing the client to make any subsequent requests as the temp account that was created for them in the first request, so it seems useful to let the client know which limit they're hitting.

Task breakdown notes:

Subtask 1: too many temp users

config hack to override $wgTempAccountCreationThrottle
e2e test setting the limit to 1, expect it to fail with the second request
temp user creation happens in MediaWikiEditEntity::attemptSave() via $this->createTempUserIfNeeded(); so we may also be able to handle it in UpdateExceptionHandler
add to OAS

Subtask 2: too many requests (rate limiting)