Problem
The rate limit for Overall API Requests is extremely punishing, if not plain unworkable, for a SaaS service that provides Bluesky services to thousands of users.
The backend server that makes Bluesky API calls (for example, to publish posts) runs into this IP rate limit in a flash, and it's not because any one user is flooding the system, it's because thousands of users' posts need to be published within a particular 5-minute period.
Solution
Make it so that the IP rate limit applies only to unauthenticated API calls, and let all authenticated calls have their own account-specific rate limits.
That way the network remains protected against abuse by unauthenticated calls, as well as protected against abuse by individual users.
The added advantage is that an abusive user does not affect the API availability for any other user.
I sincerely hope this matter attracts your approval because without it, the provision of high-traffic SaaS services for the Bluesky service will be virtually impossible.
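A sketch of the keying scheme requested above, as an added example that is not part of the original issue and not Bluesky's code: authenticated calls are counted per account, and only unauthenticated calls are counted per source IP. The limit values, function names, and sample identifiers are assumptions made for the demonstration.

```python
import time
from collections import defaultdict

# Hypothetical limits for illustration; not Bluesky's actual values.
WINDOW_SECONDS = 300   # the 5-minute window the issue mentions
IP_LIMIT = 3000        # budget per source IP
ACCOUNT_LIMIT = 100    # budget per authenticated account

class KeyedRateLimiter:
    """Fixed-window request counter, one counter per identity key."""
    def __init__(self, window=WINDOW_SECONDS, clock=time.monotonic):
        self.window, self.clock = window, clock
        self.counters = defaultdict(lambda: [0, 0])  # key -> [window_id, count]

    def allow(self, key, limit):
        window_id = int(self.clock() // self.window)
        slot = self.counters[key]
        if slot[0] != window_id:   # a new window started: reset this key
            slot[0], slot[1] = window_id, 0
        if slot[1] >= limit:
            return False
        slot[1] += 1
        return True

def check_request(limiter, client_ip, account_did=None, ip_only=False):
    """Admit or reject one call.

    account_did must come from a session token the server has already
    verified (not shown); a client-supplied value would let anyone mint
    fresh keys. None means the call is unauthenticated.
    """
    if account_did is not None and not ip_only:
        return limiter.allow(("acct", account_did), ACCOUNT_LIMIT)
    return limiter.allow(("ip", client_ip), IP_LIMIT)

def simulate(users, posts_for, ip_only, ip="203.0.113.10"):
    """Constructed workload: one backend IP publishing for many accounts
    inside a single window. Returns {account: rejected_call_count}."""
    limiter = KeyedRateLimiter(clock=lambda: 0.0)
    rejected = defaultdict(int)
    for n in range(users):
        did = f"did:example:user{n}"   # constructed identifier
        for _ in range(posts_for(n)):
            if not check_request(limiter, ip, did, ip_only=ip_only):
                rejected[did] += 1
    return dict(rejected)
```

Running `simulate` with `ip_only=True` and then `ip_only=False` on the same workload shows which accounts lose calls under each keying: with one noisy account and thousands of quiet ones, IP keying rejects quiet accounts, while account keying rejects only the noisy one.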
This change will not have any material impact on spammers.
The serious spammers are always going to employ a combination of serial account creation and rapid IP rotation and/or proliferation.
The only material effect of this IP rate limit is the stifling of serious business applications that are used by millions of users, which is not in the best interests of Bluesky.