No rate-limiting with admin JWT

Open hf opened this issue 3 years ago • 2 comments

GoTrue enforces rate limiting even for the admin JWT, which should not be the case. See #651.

Sep 30 '22 10:09 hf

Hello @hf, is this still applicable? I'm looking for an issue to contribute with, not sure if this is a good one. Thanks!

Jul 30 '24 03:07 rafaeleyng

This is still an issue, however it's a bit more complex to solve. We are rolling out a new type of API key which will finally enable us to do this safely and securely.

Approximate timelines:

New API keys go live during October 2024
Secret API keys get the ability to provide an additional header on which Auth will do rate-limiting -- towards the end of 2024

Please stay tuned on this issue for updates.

Sep 25 '24 20:09 hf