Question: mistake in documentation?

[samdegroot1]

This documentation page states there is a rate limit of 1000 requests per hour for opencve.io API. In fact when i check the response headers when making a request to the API, the X-RateLimit-Limit header says my limit is 250.

Is this a mistake in the documentation, and if not, could the documentation be more clear about which rate limit rule applies in which situation?

[ncrocfer]

Indeed we have changed this value because of some abuse. Rhe new values are now 250/hour and 2/seconds, I will update the documentation.

[samdegroot1]

Hi @ncrocfer thanks for your quick reply and the fix in the documentation! I have been testing with the API and the fixed limit of 250 requests per hour works fine. I had the rate limit on seconds configured as 2 requests per 2 seconds, so 1 request per second. Somehow with that configuration i was hitting the rate limiter and got the 429 status code rate limit reached. The same with 2 requests per 3 seconds. Now i have 1 request per 3 seconds configured, and now my process finishes without hitting the rate limiter.

I am using the Symfony rate limiter; https://symfony.com/doc/current/rate_limiter.html

Do you have any idea why 1 request per second seems to be exceeding the rate limits?

Anyways, the 1 request per 3 seconds is fine for me. I was just wondering and wanted to give you a heads up ;)

[ncrocfer]

I had the rate limit on seconds configured as 2 requests per 2 seconds, so 1 request per second.

No, 2 requests per 2 seconds can be: you reach the quota with 2 requests during the first second, no matter how many requests you will do in the 2nd second.

Anyway I will not continue this discussion as your question is not related to OpenCVE and you're talking here about a Symfony code. I advice you to ask the Symfony community.