API Rate limit feature – Adobe Commerce 2.4.3

Adobe Commerce API Rate Limits

Since Magento 1 we all needed to set up the API limits completely from the integration to not oversaturate the application. The API Rate Limit is a market pattern to all saas platforms (e.g. Shopify and Salesforce).

Adobe Commerce 2.4.3 brought us the API rate limit out-of-the-box in the new version, so we don’t have to worry so much from the middleware side, we might have control over the API limit during communications from both sides, which is amazing!

Magento 2.4.3 introduced built-in rate limiting to Magento APIs to prevent denial-of-service (DoS) attacks.

Default API limits

By default, Magento implemented the following built-in API rate limiting. However, you might be able to configure it during the development, you just need to check the API security documentation.

  • REST requests containing inputs representing a list of entities are limited to a default maximum of 20 entities.
  • REST and GraphQL queries that allow paginated results are limited to a default maximum of 300 items per page

Magento extensions impact

The new feature introduced prevents DoS attacks by imposing restrictions on the number of resources requested by a Web-API in a single request. However, we do realize that this change may impact extensions that update thousands of products via a single API request.

How to disable Adobe Commerce API limit

In order to globally disable the API limits, you can just apply a hotfix that reverts these defaults to a higher value.

I recommend spreading the requests in smaller requests instead of sending a huge request in a short period of time. Disabling or increase the built-in API limits needs be the last option.

In addition, the Admin provides a configuration setting for limiting session sizes for Admin users and storefront visitors.

To disable the input limits on the REST API requests globally you need to apply one of the following patches. You have to install the patch applicable to your version.

Do you need help?

In case you need help from a professional team with integrations experience to make your middleware, integrator or adaptor work better, don’t hesitate to contact me!

About me

Picture of Rafael Corrêa Gomes

Rafael Corrêa Gomes

Senior e-commerce developer and architect based in Montreal, Canada. More than ten years of experience developing e-commerces, saas products and managing teams working with Magento, Shopify, PHP, JavaScript, and NodeJS.