Good spot ;-) Strictly speaking, they will only apply to requests that hit the backend. However, that's extremely difficult to predict and if you send authentication, that's also currently uncached as so subject to limits anyway.
We are hopefully going to work on caching for authenticated requests next FY, so we may be able to make this more consistent then. On Mon, 2 Mar 2026 at 20:37, bawolff via Wikitech-l <[email protected]> wrote: > > To clarify are rate limits applying to all api requests or only ones that hit > the backend (i.e. Do cached api responses served by varnish count?) > > -- > Brian > > On Mon, Mar 2, 2026 at 12:25 PM Jonathan Tweed via Wikitech-l > <[email protected]> wrote: >> >> On Mon, 2 Mar 2026 at 18:41, Tenshi H <[email protected]> wrote: >> > >> > On Monday, March 2nd, 2026 at 5:25 PM, Jonathan Tweed via Wikitech-l >> > [email protected] wrote: >> > >> > If tools are running on WMCS, this will exempt you from the limits >> > even when using OAuth 1.0. >> > >> > For tools outside WMCS, OAuth 1.0 consumers will work as long as you >> > also send cookies as this will include a JWT cookie in the request >> > that we can validate in place of an OAuth 2.0 access token. >> > >> > >> > Wikimedia APIs/Rate limits#Caveats says however that "OAuth 1 access >> > tokens are not supported by the rate limit infrastructure. Requests using >> > OAuth 1 tokens will be treated as unauthenticated with respect to rate >> > limiting." Which is what's going to happen? >> >> They are not supported on their own, but we are about to deploy a >> change that will generate a JWT cookie when you use bot passwords or >> OAuth 1. If this cookie is then sent alongside the OAuth 1 token, the >> request will be treated as authenticated. These are T417833 and >> T415007 in Phabricator and will be deployed over the next couple of >> weeks. >> >> You are right, that page isn't as clear as it could be. I will update, >> thanks! >> _______________________________________________ >> Wikitech-l mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ _______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
