Hi, I'm forwarding the below to additional email lists in case the announcement interests additional people who aren't subscribed to Wiktech-l. I suggest that any questions or comments for this topic which are intended for public email discussion be placed in the original thread on Wikitech-l
Regards, Pine🌲 ---------- Forwarded message --------- From: Jonathan Tweed via Wikitech-l <[email protected]> Date: Mon, Mar 2, 2026 at 8:44 AM Subject: [Wikitech-l] New global API rate limits To: <[email protected]> Cc: Jonathan Tweed <[email protected]> Hi all To help ensure fair and sustainable access <https://www.mediawiki.org/wiki/MediaWiki_Product_Insights/Content_Reuse> to Wikimedia resources, over the next month the Wikimedia Foundation will implement global API rate limits across our APIs. Why we’re doing this As we’ve shared over the last year <https://diff.wikimedia.org/2025/04/01/how-crawlers-impact-the-operations-of-the-wikimedia-projects/>, since 2024 we’ve observed a significant rise in automated requests, across scraping, APIs and bulk downloads. This is continuing to cause unsustainable load on our infrastructure, taking time and resources away that we need to support the Wikimedia projects, contributors and readers. To ensure we can continue to provide preferential access for human and mission-oriented traffic, we need to reduce the amount of unidentified requests to our APIs from its current level of around 33%. This reduction will also enable us to improve governance around fair use, in line with our API Usage Guidelines <https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Foundation_API_Usage_Guidelines> . What we’re doing In early March, we will apply low limits to anonymous API requests that originate from outside Toolforge/WMCS and requests that are made from web browsers. In early April, higher limits will be applied to identified traffic, including authenticated requests. Authenticated requests from a user in the ‘bot’ user group on any wiki will not be subject to these new limits, nor will clients which are well known to the Wikimedia Foundation. API requests from Toolforge/WMCS will also be exempt from rate limits for now. Regardless, all developers are encouraged to familiarise themselves with the new limits and associated best practices to ensure they are not misclassified as abusive traffic. You can find this information at Wikimedia APIs/Rate limits <https://www.mediawiki.org/wiki/Wikimedia_APIs/Rate_limits> . What this means in practice Tools that use Wikimedia-hosted APIs, including Gadgets that make API requests, may be subject to new cross-API limits that are global across all Wikimedia projects. These limits are intentionally set as high as possible to minimise impact on the community. We are asking developers to identify their requests to access higher limits. Tools running in Toolforge/WMCS are exempted for now, but we request that you follow the User-Agent policy <https://foundation.wikimedia.org/wiki/Policy:Wikimedia_Foundation_User-Agent_Policy> and provide a meaningful User-Agent to help us correctly identify the source of traffic. Otherwise, authenticating using session cookies or OAuth 2.0 will grant a higher limit. Where the authenticated user has the community approved bot right on any wiki, this will also exempt you from limits, even when the tool is not running on Toolforge/WMCS. This request for authentication is a change from the previous guidance in the Robot policy, which suggested not authenticating to improve cache hit rates. We do not expect any significant impact from this change with current usage patterns and will be working over the next year to improve caching for authenticated requests. Community impact A key principle throughout this work has been to ensure responsible use of our infrastructure, whilst minimizing the impact on the community. Our communities rely on a broad ecosystem of bots and other tools to create and maintain the wikis, created by a dedicated group of technical volunteers. These limits are being put in place to protect our projects from high levels of abuse and ensure that we are able to better insulate our community infrastructure from high-volume commercial usage. They are necessary to ensure that developers are using the most appropriate channels, giving us the ability to prioritize the community and our human readers. Ideally, members of Wikimedia communities will not be affected by this change. However, it is possible that a small number of bots and other tools which operate at a very high rate may get rate limited. We ask you to follow the best practices and are here to help bot operators get the access they need. What we need you to do If you are a developer that uses Wikimedia APIs, we ask you to: - Read more about the new limits <https://www.mediawiki.org/wiki/Wikimedia_APIs/Rate_limits> and the updated Robot policy <https://wikitech.wikimedia.org/wiki/Robot_policy> - Update your tools/bots to follow the new best practices Should you require a higher rate of access, you are able to: - Request the bot flag <https://www.mediawiki.org/wiki/Manual:Bots> from your local wiki community - Consider running in Toolforge or another WMCS offering - Use Wikimedia Enterprise APIs <https://meta.wikimedia.org/wiki/Wikimedia_Enterprise#Access> for high-volume usage - Contact the WMF at [email protected] Best Jonathan -- *Jonathan Tweed* (he/him) Senior Product Manager, Core Platform Wikimedia Foundation <https://wikimediafoundation.org/> _______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Cloud mailing list -- [email protected] List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/
