Since Magento 1 we all needed to set up the API limits completely from the integration to not oversaturate the application. The API Rate Limit is a market pattern to all saas platforms (e.g. Shopify and Salesforce).
Adobe Commerce 2.4.3 brought us the API rate limit out-of-the-box in the new version, so we don’t have to worry so much from the middleware side, we might have control over the API limit during communications from both sides, which is amazing!
Magento 2.4.3 introduced built-in rate limiting to Magento APIs to prevent denial-of-service (DoS) attacks.
Default API limits
By default, Magento implemented the following built-in API rate limiting. However, you might be able to configure it during the development, you just need to check the API security documentation.
- REST requests containing inputs representing a list of entities are limited to a default maximum of 20 entities.
- REST and GraphQL queries that allow paginated results are limited to a default maximum of 300 items per page.
Magento extensions impact
The new feature introduced prevents DoS attacks by imposing restrictions on the number of resources requested by a Web-API in a single request. However, we do realize that this change may impact extensions that update thousands of products via a single API request.
How to disable Adobe Commerce API limit
In order to globally disable the API limits, you can just apply a hotfix that reverts these defaults to a higher value.
I recommend spreading the requests in smaller requests instead of sending a huge request in a short period of time. Disabling or increase the built-in API limits needs be the last option.
In addition, the Admin provides a configuration setting for limiting session sizes for Admin users and storefront visitors.
To disable the input limits on the REST API requests globally you need to apply one of the following patches. You have to install the patch applicable to your version.
Do you need help?
In case you need help from a professional team with integrations experience to make your middleware, integrator or adaptor work better, don’t hesitate to contact me!