Skip to content

Update envs for API rate limits #416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 9, 2025
Merged

Update envs for API rate limits #416

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 21 additions & 17 deletions setup/env-variables/backend-env-variables.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -460,23 +460,27 @@ Use Invisible reCAPTCHA v2 for the latest versions. If using a previous version

## <mark style="background-color:orange;">API Rate Limits</mark>

| Variable | Description | Parameters |
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| `API_RATE_LIMIT` | A global API rate limit: number or requests per second for all users. Implemented in [#5030](https://github.com/blockscout/blockscout/pull/5030) | <p>Version: v4.1.1+<br>Default: <code>10 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_KEY` | A dedicated API rate limit per key for every type of API key (static or generated from Account module). Implemented in [#5080](https://github.com/blockscout/blockscout/pull/5080) | <p>Version: v4.1.1+<br>Default: <code>10 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_WHITELISTED_IPS` | Comma-separated whitelisted IPs list with dedicated rate limit. Implemented in [#5090](https://github.com/blockscout/blockscout/pull/5090) | <p>Version: v4.1.1+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_STATIC_API_KEY` | Static API key with dedicated API rate limit. Implemented in [#5080](https://github.com/blockscout/blockscout/pull/5080) | <p>Version: v4.1.1+<br>Default: (empty)<br>Applications: API</p> |
| `API_NO_RATE_LIMIT_API_KEY` | API key with no rate limit. Implemented in [#10515](https://github.com/blockscout/blockscout/pull/10515) | <p>Version: v6.8.0+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_DISABLED` | If `true`, any type of rate limit is ignored. Implemented in [#6908](https://github.com/blockscout/blockscout/pull/6908) | <p>Version: v5.1.0+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_IS_BLOCKSCOUT_BEHIND_PROXY` | If `true`, then IP address of a client will be derived from proxy's headers (like `X-Forwarded-For`) using [RemoteIp](https://hexdocs.pm/remote_ip/RemoteIp.html) library. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>false</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_WHITELISTED_IP` | A dedicated API rate limit for whitelisted IPs. Implemented in [#5090](https://github.com/blockscout/blockscout/pull/5090) | <p>Version: v5.1.3+<br>Default: <code>50 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_IP` | Global rate limit for an IP address for API v2 requests sent from UI. [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>3000</code><br>Applications: API</p> |
| `API_RATE_LIMIT_HAMMER_REDIS_URL` | Redis DB URL for Hammer rate limit library. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Needs Recompile: ☑️<br>Version: v5.1.3+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_UI_V2_WITH_TOKEN` | Rate limit after submitting correct CAPTCHA. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>5</code><br>Applications: API</p> |
| `API_RATE_LIMIT_TIME_INTERVAL` | Time interval of rate limit. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>1s</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_IP_TIME_INTERVAL` | Time interval of rate limit set by `API_RATE_LIMIT_BY_IP`. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>5m</code><br>Applications: API</p> |
| `API_RATE_LIMIT_UI_V2_TOKEN_TTL_IN_SECONDS` | TTL for token issued after submitting correct CAPTCHA for an API v2 requests from UI. In seconds. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>1800</code><br>Applications: API</p> |
| `ETH_JSON_RPC_MAX_BATCH_SIZE` | Max batch size for Eth JSON RPC requests. Implemented in [#9409](https://github.com/blockscout/blockscout/pull/9409) | <p>Version: v6.3.0+<br>Default: <code>5</code><br>Applications: API</p> |
| Variable | Description | Parameters |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| `API_RATE_LIMIT` | A global API rate limit: number or requests per second for all users. Implemented in [#5030](https://github.com/blockscout/blockscout/pull/5030) | <p>Version: v4.1.1+<br>Default: <code>10 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_KEY` | A dedicated API rate limit per key for every type of API key (static or generated from Account module). Implemented in [#5080](https://github.com/blockscout/blockscout/pull/5080) | <p>Version: v4.1.1+<br>Default: <code>10 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_WHITELISTED_IPS` | Comma-separated whitelisted IPs list with dedicated rate limit. Implemented in [#5090](https://github.com/blockscout/blockscout/pull/5090) | <p>Version: v4.1.1+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_STATIC_API_KEY` | Static API key with dedicated API rate limit. Implemented in [#5080](https://github.com/blockscout/blockscout/pull/5080) | <p>Version: v4.1.1+<br>Default: (empty)<br>Applications: API</p> |
| `API_NO_RATE_LIMIT_API_KEY` | API key with no rate limit. Implemented in [#10515](https://github.com/blockscout/blockscout/pull/10515) | <p>Version: v6.8.0+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_DISABLED` | If `true`, any type of rate limit is ignored. Implemented in [#6908](https://github.com/blockscout/blockscout/pull/6908) | <p>Version: v5.1.0+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_IS_BLOCKSCOUT_BEHIND_PROXY` | If `true`, then IP address of a client will be derived from proxy's headers (like `X-Forwarded-For`) using [RemoteIp](https://hexdocs.pm/remote_ip/RemoteIp.html) library. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>false</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_WHITELISTED_IP` | A dedicated API rate limit for whitelisted IPs. Implemented in [#5090](https://github.com/blockscout/blockscout/pull/5090) | <p>Version: v5.1.3+<br>Default: <code>50 req/sec</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_IP` | Global rate limit for an IP address for API v2 requests sent from UI. [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>3000</code><br>Applications: API</p> |
| `API_RATE_LIMIT_HAMMER_REDIS_URL` | Redis DB URL for Hammer rate limit library. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_UI_V2_WITH_TOKEN` | Rate limit after submitting correct CAPTCHA. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>5</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_IP_TIME_INTERVAL` | Time interval of rate limit set by `API_RATE_LIMIT_BY_IP`. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>5m</code><br>Applications: API</p> |
| `API_RATE_LIMIT_UI_V2_TOKEN_TTL_IN_SECONDS` | TTL for token issued after submitting correct CAPTCHA for an API v2 requests from UI. In seconds. Implemented in [#7148](https://github.com/blockscout/blockscout/pull/7148) | <p>Version: v5.1.3+<br>Default: <code>1800</code><br>Applications: API</p> |
| `ETH_JSON_RPC_MAX_BATCH_SIZE` | Max batch size for Eth JSON RPC requests. Implemented in [#9409](https://github.com/blockscout/blockscout/pull/9409) | <p>Version: v6.3.0+<br>Default: <code>5</code><br>Applications: API</p> |
| `API_RATE_LIMIT_CONFIG_URL` | URL to fetch API rate limit configuration from external source. Implemented in [#12386](https://github.com/blockscout/blockscout/pull/12386) | <p>Version: master<br>Default: (empty)<br>Applications: API</p> |
| `API_RATE_LIMIT_BY_KEY_TIME_INTERVAL` | Time interval for API rate limit by key. [Time format](backend-env-variables.md#time-format). Implemented in [#12386](https://github.com/blockscout/blockscout/pull/12386) | <p>Version: master<br>Default: <code>1s</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_WHITELISTED_IP_TIME_INTERVAL` | Time interval for API rate limit by whitelisted IP. [Time format](backend-env-variables.md#time-format). Implemented in [#12386](https://github.com/blockscout/blockscout/pull/12386) | <p>Version: master<br>Default: <code>1s</code><br>Applications: API</p> |
| `API_RATE_LIMIT_UI_V2_WITH_TOKEN_TIME_INTERVAL` | Time interval for API rate limit for UI v2 with token. [Time format](backend-env-variables.md#time-format). Implemented in [#12386](https://github.com/blockscout/blockscout/pull/12386) | <p>Version: master<br>Default: <code>1s</code><br>Applications: API</p> |
| `API_RATE_LIMIT_BY_ACCOUNT_API_KEY_TIME_INTERVAL` | Time interval for API rate limit by account API key. [Time format](backend-env-variables.md#time-format). Implemented in [#12386](https://github.com/blockscout/blockscout/pull/12386) | <p>Version: master<br>Default: <code>1s</code><br>Applications: API</p> |

## <mark style="background-color:orange;">General application rate Limits</mark>

Expand Down
Loading