New status codes for blocked ROR API requests

13 views
Skip to first unread message

Liz Krznarich

unread,
Feb 27, 2024, 3:41:23 PMFeb 27
to ROR Technical Forum
Hi all,

As previously announced here and here, the ROR API has a rate limit of 2000 requests per 5 min period and we also block specific invalid requests that we receive frequently (https://api.ror.org/organizations?affiliation= and  https://api.ror.org/organizations?affiliation=0) at the load balancer to prevent an abundance of errors at the application level. 

Criteria for rate limiting and invalid request blocking have not changed, but we are now returning more specific status codes/messages for those blocks. Previously, we used the AWS WAF default of 403 Access denied; as of today (27 Feb), we are now using the following codes and messages:
  • Rate-limit blocks: 429 Rate Limit Exceeded. ROR API rate limit is 2000 requests per 5 minute period
    (note that we don't send a retry-after header because requests are not blocked for a specific period of time - at any time, requests over the rate-limit threshold are blocked and requests below the threshold are allowed)

  • Invalid request blocks: 400 Bad Request
We hope this helps users to better identify the reason for blocked requests. As always, please let us know if you have questions by replying here or contacting sup...@ror.org

Cheers,
Liz
Reply all
Reply to author
Forward
0 new messages