It looks like the rate limiting is also being applied to requests to /w/rest.php/oauth2/authorize. Is this intentional? The user naturally won't be authenticated yet during OAuth authorization. As OAuth is typically implemented by using a 302 redirect to send the user to /authorize, apps don't have control over the user agent as that's set by the browser, nor is it possible to make the browser set the Api-User-Agent header.
This was brought up in https://github.com/wikimedia-gadgets/gadget-deploy/issues/7. On Sat, 14 Mar 2026 at 15:01, Daniel Kinzler via Wikitech-l < [email protected]> wrote: > Hello Piotr, > > Tools like this should continue to work fine if they authenticate when > making the API requests. We don't want to break community tools, but we > can't distinguish them from commercial scrapers, which we want to rate > limit. So the way to fix the tools is to make the user log in, or to run > the tools on WMCS. > > The there are problems with making tools authenticate for making API > calls, please let us know. > > HTH, > Daniel > > Am 13.03.26 um 22:41 schrieb Piotr Gackowski via Wikitech-l: > > This change has more or less crashed my workflows related to Structured > Data on Commons. > > Both Depictor and Wikicrowd have effectively stopped working for me. The > “for me” part is important — I have been making more than 100k edits per > month for the last three years. > > I have already reported the issues to the tool maintainers: > https://github.com/hay/wiki-tools/issues/179 > https://github.com/addshore/wikicrowd/issues/236 > > However, I want to highlight a broader problem. At Wikimania 2024 in > Katowice, I gave a presentation about adding Structured Data to Commons > [1]. During that talk, I recommended tools such as Depictor, Wikicrowd, > AC/DC, and the SDC tool. Since then, every single tool I mentioned has > become heavily limited by some form of rate limiting. > > As a result, I increasingly feel that my hands are tied with every new > change introduced by WMF in this area. > > PMG > [1] > https://wikimania.wikimedia.org/wiki/2024:Program/What_tools_you_can_use_to_fill_Structure_Data_on_Commons_files > . > > czw., 12 mar 2026 o 11:47 Daniel Kinzler via Wikitech-l < > [email protected]> napisał(a): > >> Hi all! >> >> As previously announced >> <https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/GBFZTN3A233IR6F4HEENCIUCVI2ZH6YB/>, >> we have started rolling out new global API rate limits across our APIs to >> help ensure fair and sustainable access >> <https://www.mediawiki.org/wiki/MediaWiki_Product_Insights/Content_Reuse> >> to Wikimedia resources. >> >> We have just enabled the first set of limits, which apply to anonymous >> requests from bots and unauthenticated requests from web browsers. See the >> documentation on mediawiki.org <http://mediawiki.org> for more >> information. This has now been updated with actual limits for anonymous >> requests and authenticated bot requests that do not come from WMCS. We are >> still finalizing the initial limits for User-Agent only (e.g. >> InstantCommons) and authenticated browser requests. >> >> As a next step, rate limits for logged in users will follow in early >> April >> <https://www.mediawiki.org/wiki/MediaWiki_Product_Insights/Responsible_Reuse/WE5.1:_Developer_authentication_and_authorization#Timeline>. >> The concrete limits will be communicated beforehand. Access for clients >> running in WMCS and accounts that have a bot flag will not be affected by >> this change. However, all developers are advised to familiarize themselves >> with the new limits and follow the best practices outlined in the >> documentation. >> >> If you see any unexpected issues that might be the result of the limits >> rolled out today, we are actively monitoring this list, relevant Talk pages >> and [email protected]. >> >> -- >> Daniel Kinzler >> Principal Software Engineer >> MediaWiki Engineering Group >> Wikimedia Foundation >> >> _______________________________________________ >> Wikitech-l mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ > > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to > [email protected]https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ > > > -- > Daniel Kinzler > Principal Software Engineer > MediaWiki Engineering Group > Wikimedia Foundation > > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
