Summary
API invites by email are silently rate-limited, and rate limits are undocumented.
Steps to reproduce
Using 5.25.1, attempt to call the Invite users to the team by email
API call with a list of more than 20 email addresses.
http://your-mattermost-url.com/api/v4/teams/{team_id}/invite/email
Expected behavior
If rate limiting is applied, the API call should fail. Rate limiting should be documented in the API reference.
I would expect an HTTP response code in the 400 range. Possibly 413 (request entity too large) with a retry-after
header indicating when the next batch could be accepted.
Observed behavior
The API returned a 200 result code, and mattermost wrote the following to its log:
{"level":"error","ts":1596150191.2522833,"caller":"mlog/log.go:175","msg":"Invite emails rate limited.","user_id":"gst7u7g9zbdsbmiesiwkjnuqcw","team_id":"pieu7ohjkibntm6jko86jxrgao","retry_after":"-1ns"}
The only reference I can find to this rate limit is in this other forum post. I can’t find it in the general documentation, and it is definitely not documented in the API reference.
It seems to me that the API call should be updated to include a result code that indicates the list of addresses is too large (e.g. 413). The parameters of the rate limit should also be documented (how many email addresses are allowed … how long one must wait before sending more … etc).
If the rate limit could be made configurable that would also be useful.
In the mean time, can someone clarify for me exactly what limits are placed on this call?
Thanks!