Relax API Rate Limits for Self-Hosted Deployments #2465

Merged
julianojulio merged 1 commit from julianojulio/relax-rate-limits-for-self-hosted into main 2025-07-23 22:10:11 +08:00
julianojulio commented 2025-07-18 23:20:26 +08:00 (Migrated from github.com)

This PR introduces changes to significantly relax API rate limits for self-hosted instances of Maybe Finance, while preserving the current limits for the SaaS version.

Rationale
When importing a large number of transactions via the API in a self-hosted environment, the existing rate limits quickly become a bottleneck. This change enables power users and integrators to perform bulk imports and other high-frequency operations without being blocked by rate limiting, while ensuring that SaaS users remain protected from abuse.

Key changes

  • Added NoopApiRateLimiter to effectively disable API rate limiting for self-hosted mode.
  • Updated ApiRateLimiter to delegate to NoopApiRateLimiter when running self-hosted.
  • Increased Rack::Attack throttle limits for self-hosted deployments.
  • Added tests for NoopApiRateLimiter to ensure correct behavior.

Impact

  • Self-hosted users can make a much higher volume of API requests without restriction.
  • SaaS users continue to be protected by the existing rate limits.
  • No impact on existing SaaS deployments or their security.

Use case:
I'm working on a project (soon open source) to import my transactions to Maybe Finance using the API. The current rate limits are blocking the import after a few imports. These changes keep the current rate limits for SaaS while relaxing them
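
The delegation pattern listed under "Key changes", as an added example that is not code from this PR or from the Maybe Finance repository: a fixed-window limiter and a no-op limiter share one interface, and a deployment flag selects between them. All class, method and parameter names here are hypothetical, and an in-memory hash stands in for a shared store.

```ruby
# Added illustration; every name below is hypothetical, not the project's API.
class WindowRateLimiter
  def initialize(limit:, window: 3600, clock: -> { Time.now.to_i })
    @limit, @window, @clock = limit, window, clock
    @counts = Hash.new(0) # in-memory stand-in for a shared counter store
  end

  def record!(key)
    @counts[[key, bucket]] += 1
  end

  def exceeded?(key)
    @counts[[key, bucket]] >= @limit
  end

  def remaining(key)
    [@limit - @counts[[key, bucket]], 0].max
  end

  private

  # Fixed window: all requests in the same window share one counter.
  def bucket
    @clock.call / @window
  end
end

# Same interface, never blocks. This sketch still counts requests so that
# API volume stays visible to monitoring once enforcement is switched off.
class NoopRateLimiter
  attr_reader :seen
  def initialize; @seen = Hash.new(0); end
  def record!(key); @seen[key] += 1; end
  def exceeded?(_key); false; end
  def remaining(_key); Float::INFINITY; end
end

# The deployment mode is decided once; callers never branch on it again.
def limiter_for(self_hosted:, limit: 100)
  self_hosted ? NoopRateLimiter.new : WindowRateLimiter.new(limit: limit)
end

# Returns the HTTP status a controller would send for this request.
def handle_request(limiter, key)
  return 429 if limiter.exceeded?(key)
  limiter.record!(key)
  200
end
```

Because the mode check lives only in `limiter_for`, a test that flips the flag covers both paths, and the hosted path cannot silently pick up the no-op behaviour elsewhere in the request handling.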

zachgoll (Migrated from github.com) reviewed 2025-07-19 06:01:03 +08:00
zachgoll (Migrated from github.com) left a comment

Changes make sense to me! If you could get all tests / checks passing we can merge.
