Hi all,
Criteria for rate limiting and invalid request blocking have not changed, but we are now returning more specific status codes/messages for those blocks. Previously, we used the AWS WAF default of 403 Access denied; as of today (27 Feb), we are now using the following codes and messages:
- Rate-limit blocks: 429 Rate Limit Exceeded. ROR API rate limit is 2000 requests per 5 minute period
(note that we don't send a retry-after header because requests are not blocked for a specific period of time - at any time, requests over the rate-limit threshold are blocked and requests below the threshold are allowed)
- Invalid request blocks: 400 Bad Request
We hope this helps users to better identify the reason for blocked requests. As always, please let us know if you have questions by replying here or contacting
sup...@ror.org .
Cheers,
Liz