Add documentation to Files API Rate Limits

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/335075 Changelog: added

Add documentation to Files API Rate Limits
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/335075 Changelog: added
3da4af85 · Vasilii Iakliushin · Amy Qualls · 7da78439 · 3da4af85 · 3da4af85
Commit 3da4af85 authored Aug 20, 2021 by Vasilii Iakliushin Committed by Amy Qualls Sep 20, 2021
5 changed files
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -88,6 +88,20 @@ requests per user. For more information, read

 - **Default rate limit**: Disabled by default.

+### Files API
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68561) in GitLab 14.3.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available,
+ask an administrator to [enable the `files_api_throttling` flag](../administration/feature_flags.md). On GitLab.com, this feature is available but can be configured by GitLab.com administrators only.
+The feature is not ready for production use.
+
+This setting limits the request rate on the Packages API per user or IP. For more information, see
+[Files API Rate Limits](../user/admin_area/settings/files_api_rate_limits.md).
+
+- **Default rate limit**: Disabled by default.
+
 ### Import/Export

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35728) in GitLab 13.2.

--- a/doc/security/rate_limits.md
+++ b/doc/security/rate_limits.md
@@ -35,6 +35,7 @@ These are rate limits you can set in the Admin Area of your instance:
 - [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md)
 - [Package registry rate limits](../user/admin_area/settings/package_registry_rate_limits.md)
 - [Git LFS rate limits](../user/admin_area/settings/git_lfs_rate_limits.md)
+- [Files API rate limits](../user/admin_area/settings/files_api_rate_limits.md)

 ## Non-configurable limits


--- a/doc/user/admin_area/settings/files_api_rate_limits.md
+++ b/doc/user/admin_area/settings/files_api_rate_limits.md
+---
+stage: Create
+group: Source Code
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+type: reference
+---
+
+# Files API Rate Limits **(FREE SELF)**
+
+Rate limiting is a common technique used to improve the security and durability of a web
+application. For more details, see [Rate limits](../../../security/rate_limits.md). General user and
+IP rate limits can be enforced from the top bar at
+**Menu > Admin > Settings > Network > User and IP rate limits**.
+For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
+
+You can fetch, create, update, and delete files through the [Repository files API](../../../api/repository_files.md).
+
+You can define specific rate limits for the Files API in
+**Menu > Admin > Settings > Network > Files API Rate Limits**:
+
+- Unauthenticated Files API requests
+- Authenticated Files API requests
+
+These limits are disabled by default. When enabled, they supersede the general user and IP rate
+limits for requests to the Files API. You can therefore keep the general user and IP rate limits,
+and increase (if necessary) the rate limits for the Files API.
+
+Besides this precedence, there are no differences in functionality compared to the general user and
+IP rate limits. For more details, see [User and IP rate limits](user_and_ip_rate_limits.md).
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -98,6 +98,7 @@ To access the default page for Admin Area settings:
 | [User and IP rate limits](user_and_ip_rate_limits.md) | Configure limits for web and API requests. |
 | [Package Registry Rate Limits](package_registry_rate_limits.md) | Configure specific limits for Packages API requests that supersede the user and IP rate limits. |
 | [Git LFS Rate Limits](git_lfs_rate_limits.md) | Configure specific limits for Git LFS requests that supersede the user and IP rate limits. |
+| [Files API Rate Limits](files_api_rate_limits.md) | Configure specific limits for Files API requests that supersede the user and IP rate limits. |
 | [Outbound requests](../../../security/webhooks.md) | Allow requests to the local network from hooks and services. |
 | [Protected Paths](protected_paths.md) | Configure paths to be protected by Rack Attack. |
 | [Incident Management](../../../operations/incident_management/index.md) Limits | Limit the number of inbound alerts that can be sent to a project. |

--- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md
+++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md
@@ -189,6 +189,8 @@ The possible names are:
 - `throttle_unauthenticated_packages_api`
 - `throttle_authenticated_packages_api`
 - `throttle_authenticated_git_lfs`
+- `throttle_unauthenticated_files_api`
+- `throttle_authenticated_files_api`

 For example, to try out throttles for all authenticated requests to
 non-protected paths can be done by setting