Closed
Description
This documentation page states there is a rate limit of 1000 requests per hour for opencve.io API. In fact when i check the response headers when making a request to the API, the X-RateLimit-Limit header says my limit is 250.
Is this a mistake in the documentation, and if not, could the documentation be more clear about which rate limit rule applies in which situation?
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Participants
Activity
ncrocfer commentedon Jan 25, 2023
Indeed we have changed this value because of some abuse. Rhe new values are now 250/hour and 2/seconds, I will update the documentation.
samdegroot1 commentedon Jan 27, 2023
Hi @ncrocfer thanks for your quick reply and the fix in the documentation! I have been testing with the API and the fixed limit of 250 requests per hour works fine. I had the rate limit on seconds configured as 2 requests per 2 seconds, so 1 request per second.
Somehow with that configuration i was hitting the rate limiter and got the 429 status code rate limit reached. The same with 2 requests per 3 seconds. Now i have 1 request per 3 seconds configured, and now my process finishes without hitting the rate limiter.
I am using the Symfony rate limiter; https://symfony.com/doc/current/rate_limiter.html
Do you have any idea why 1 request per second seems to be exceeding the rate limits?
Anyways, the 1 request per 3 seconds is fine for me. I was just wondering and wanted to give you a heads up ;)
ncrocfer commentedon Jan 27, 2023
No, 2 requests per 2 seconds can be: you reach the quota with 2 requests during the first second, no matter how many requests you will do in the 2nd second.
Anyway I will not continue this discussion as your question is not related to OpenCVE and you're talking here about a Symfony code. I advice you to ask the Symfony community.