To clarify are rate limits applying to all api requests or only ones that hit the backend (i.e. Do cached api responses served by varnish count?)
-- Brian On Mon, Mar 2, 2026 at 12:25 PM Jonathan Tweed via Wikitech-l < [email protected]> wrote: > On Mon, 2 Mar 2026 at 18:41, Tenshi H <[email protected]> wrote: > > > > On Monday, March 2nd, 2026 at 5:25 PM, Jonathan Tweed via Wikitech-l > [email protected] wrote: > > > > If tools are running on WMCS, this will exempt you from the limits > > even when using OAuth 1.0. > > > > For tools outside WMCS, OAuth 1.0 consumers will work as long as you > > also send cookies as this will include a JWT cookie in the request > > that we can validate in place of an OAuth 2.0 access token. > > > > > > Wikimedia APIs/Rate limits#Caveats says however that "OAuth 1 access > tokens are not supported by the rate limit infrastructure. Requests using > OAuth 1 tokens will be treated as unauthenticated with respect to rate > limiting." Which is what's going to happen? > > They are not supported on their own, but we are about to deploy a > change that will generate a JWT cookie when you use bot passwords or > OAuth 1. If this cookie is then sent alongside the OAuth 1 token, the > request will be treated as authenticated. These are T417833 and > T415007 in Phabricator and will be deployed over the next couple of > weeks. > > You are right, that page isn't as clear as it could be. I will update, > thanks! > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ >
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
