Hi, I'm currently, right now, at a Wikimedia themed hackathon that I'm running ( https://wikigamejam.org/sf-2026).
I see this: User-Agent only Unauthenticated requests that provide a User-Agent header that is compliant with the User-Agent policy <https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Foundation_User-Agent_Policy> . low I'm wondering if the definition of "low" is intentionally obfuscated for some security purpose? The people at our hackathon are very new to Wikimedia APIs and I just want to gut check if the limits will cause them problems. Thanks, -Travis On Sat, Mar 14, 2026 at 11:27 AM Siddharth VP via Wikitech-l < [email protected]> wrote: > It looks like the rate limiting is also being applied to requests to > /w/rest.php/oauth2/authorize. Is this intentional? The user naturally > won't be authenticated yet during OAuth authorization. As OAuth is > typically implemented by using a 302 redirect to send the user to > /authorize, apps don't have control over the user agent as that's set by > the browser, nor is it possible to make the browser set the Api-User-Agent > header. > > This was brought up in > https://github.com/wikimedia-gadgets/gadget-deploy/issues/7. > > On Sat, 14 Mar 2026 at 15:01, Daniel Kinzler via Wikitech-l < > [email protected]> wrote: > >> Hello Piotr, >> >> Tools like this should continue to work fine if they authenticate when >> making the API requests. We don't want to break community tools, but we >> can't distinguish them from commercial scrapers, which we want to rate >> limit. So the way to fix the tools is to make the user log in, or to run >> the tools on WMCS. >> >> The there are problems with making tools authenticate for making API >> calls, please let us know. >> >> HTH, >> Daniel >> >> Am 13.03.26 um 22:41 schrieb Piotr Gackowski via Wikitech-l: >> >> This change has more or less crashed my workflows related to Structured >> Data on Commons. >> >> Both Depictor and Wikicrowd have effectively stopped working for me. The >> “for me” part is important — I have been making more than 100k edits per >> month for the last three years. >> >> I have already reported the issues to the tool maintainers: >> https://github.com/hay/wiki-tools/issues/179 >> https://github.com/addshore/wikicrowd/issues/236 >> >> However, I want to highlight a broader problem. At Wikimania 2024 in >> Katowice, I gave a presentation about adding Structured Data to Commons >> [1]. During that talk, I recommended tools such as Depictor, Wikicrowd, >> AC/DC, and the SDC tool. Since then, every single tool I mentioned has >> become heavily limited by some form of rate limiting. >> >> As a result, I increasingly feel that my hands are tied with every new >> change introduced by WMF in this area. >> >> PMG >> [1] >> https://wikimania.wikimedia.org/wiki/2024:Program/What_tools_you_can_use_to_fill_Structure_Data_on_Commons_files >> . >> >> czw., 12 mar 2026 o 11:47 Daniel Kinzler via Wikitech-l < >> [email protected]> napisał(a): >> >>> Hi all! >>> >>> As previously announced >>> <https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/GBFZTN3A233IR6F4HEENCIUCVI2ZH6YB/>, >>> we have started rolling out new global API rate limits across our APIs to >>> help ensure fair and sustainable access >>> <https://www.mediawiki.org/wiki/MediaWiki_Product_Insights/Content_Reuse> >>> to Wikimedia resources. >>> >>> We have just enabled the first set of limits, which apply to anonymous >>> requests from bots and unauthenticated requests from web browsers. See the >>> documentation on mediawiki.org <http://mediawiki.org> for more >>> information. This has now been updated with actual limits for anonymous >>> requests and authenticated bot requests that do not come from WMCS. We are >>> still finalizing the initial limits for User-Agent only (e.g. >>> InstantCommons) and authenticated browser requests. >>> >>> As a next step, rate limits for logged in users will follow in early >>> April >>> <https://www.mediawiki.org/wiki/MediaWiki_Product_Insights/Responsible_Reuse/WE5.1:_Developer_authentication_and_authorization#Timeline>. >>> The concrete limits will be communicated beforehand. Access for clients >>> running in WMCS and accounts that have a bot flag will not be affected by >>> this change. However, all developers are advised to familiarize themselves >>> with the new limits and follow the best practices outlined in the >>> documentation. >>> >>> If you see any unexpected issues that might be the result of the limits >>> rolled out today, we are actively monitoring this list, relevant Talk pages >>> and [email protected]. >>> >>> -- >>> Daniel Kinzler >>> Principal Software Engineer >>> MediaWiki Engineering Group >>> Wikimedia Foundation >>> >>> _______________________________________________ >>> Wikitech-l mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >>> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ >> >> >> _______________________________________________ >> Wikitech-l mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected]https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ >> >> >> -- >> Daniel Kinzler >> Principal Software Engineer >> MediaWiki Engineering Group >> Wikimedia Foundation >> >> >> _______________________________________________ >> Wikitech-l mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/ > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
