2022-02-08 18:16:03 +00:00
---
type: reference
stage: Manage
2022-06-14 15:08:43 +00:00
group: Authentication and Authorization
2022-09-21 21:13:33 +00:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2022-02-08 18:16:03 +00:00
---
# Rate limits on Users API **(FREE SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78364) in GitLab 14.8.
2022-02-11 12:19:13 +00:00
You can configure the per user rate limit for requests to [Users API ](../../../api/users.md ).
2022-02-08 18:16:03 +00:00
2022-02-11 12:19:13 +00:00
To change the rate limit:
2022-02-08 18:16:03 +00:00
2022-09-14 03:12:37 +00:00
1. On the top bar, select **Main menu > Admin** .
2022-02-08 18:16:03 +00:00
1. On the left sidebar, select **Settings > Network** .
1. Expand **Users API rate limit** .
1. In the **Maximum requests per 10 minutes** text box, enter the new value.
1. Optional. In the **Users to exclude from the rate limit** box, list users allowed to exceed the limit.
1. Select **Save changes** .
This limit is:
- Applied independently per user.
- Not applied per IP address.
The default value is `300` .
Requests over the rate limit are logged into the `auth.log` file.
For example, if you set a limit of 300, requests to the `GET /users/:id` API endpoint
exceeding a rate of 300 per 10 minutes are blocked. Access to the endpoint is allowed after ten minutes have elapsed.