Skip to main content

/sys/quotas/config

The /sys/quotas/config endpoint is used to configure rate limit quotas.

Create or update the rate limit configuration

MethodPath
POST/sys/quotas/config

Parameters

  • rate_limit_exempt_paths ([]string: []) - Specifies the list of exempt paths from all rate limit quotas. If empty no paths will be exempt.
  • enable_rate_limit_audit_logging (bool: false) - If set, starts audit logging of requests that get rejected due to rate limit quota rule violations.
  • enable_rate_limit_response_headers (bool: false) - If set, additional rate limit quota HTTP headers will be added to responses.

Sample payload

{
"rate_limit_exempt_paths": [
"sys/internal/ui/mounts",
"sys/generate-recovery-token/attempt",
"sys/generate-recovery-token/update",
"sys/generate-root/attempt",
"sys/generate-root/update",
"sys/health",
"sys/seal-status",
"sys/unseal"
],
"enable_rate_limit_audit_logging": true,
"enable_rate_limit_response_headers": true
}

Sample request

$ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/quotas/config

Get the rate limit configuration

MethodPath
GET/sys/quotas/config

Sample request

$ curl \
--request GET \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/quotas/config

Sample response

{
"request_id": "259801bd-a0c9-9350-8eb9-26c91afd19c6",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"enable_rate_limit_audit_logging": false,
"enable_rate_limit_response_headers": false,
"rate_limit_exempt_paths": [
"sys/internal/ui/mounts",
"sys/generate-recovery-token/attempt",
"sys/generate-recovery-token/update",
"sys/generate-root/attempt",
"sys/generate-root/update",
"sys/health",
"sys/seal-status",
"sys/unseal"
]
},
"warnings": null
}