Rocket.Chat's Community Open Call 🎤 Dec 15, 2021 Join us!

Error-too-many-requests on updateOwnBasicInfo

I read on a separate issue that there is a limit on the frequency of username changes, which I think caused the issue. Unfortunately, we have a use-case that may require frequent changes on username.

My question is, is it possible to remove the limit? If so, could you show me where I could change such limit?

I am not sure about this error specifically about changing the username.

Depending on how often you change it, if using the API, you can face api rate limits.

If that’s the case, you can change those options at:
Admin > Rate Limiter

let me know if that’s the case here.

Well, it only seems to happen when changing the username frequently.
Also, we would like to be able to set the api rate limits on server startup, so it would be helpful if you tell me where I can change the settings on the source code, if that’s possible.
I’ve been able to change some settings through apps/api/servers/settings.js, but I can’t seem to find the name for Rate Limiters…

I don’t think it’s necessary or optimal to change the source code for tweaking the rate limit or any other settings.

If you change it from the interface, it will stay like that.

Also, you can use the API to enable or disable it, changing the setting API_Enable_Rate_Limiter to true or false accordingly and depending on your requirements and conditions, like stated here:

This is the code for API you mentioned at title (updateOwnBasicInfo)

It’s because we are trying to distribute the system to other platforms, rather than using it for ourselves (chat is just a part of the system). So it’s much more convenient for us to just have the settings when we deploy it instead of going through the interface every time.

Anyways, I checked lib/server/startup/settings.js for API_Enable_Rate_Limiter, and it seems that it is set to “false” (I’ll check through the API later, I don’t have the admin account yet). Is ‘API_Enable_Rate_Limiter’ the only thing that could possibly block updateOwnBasicInfo?

It just might be a side-effect of not updating the (the current version we are using now is 3.10.0), so I wanted to make sure before I update that no settings are getting in the way.

Hey, I found this while I was searching…

It says "Note: Some endpoints (like /api/v1/users.updateOwnBasicInfo ) might trigger the rate limiter and cannot currently be customized/disabled in Administration Panel "

So it looks like you do have to change the source codes to remove the limiter, since you can’t change it through Administration Panel? Or is the docs simply outdated?

So looking at the doc, it looks like you can add rateLimiterOptions on the part of code you’ve mentioned. Does this work even on updateOwnBasicInfo? Or maybe I should just try it out myself to see if it works…

In case it doesn’t, I’m kind of out of options, so it would be helpful if you could tell me there’s other ways to remove the limiter…

So, I did try putting ‘rateLimiterOptions:false’ in the fields, and this is a part of code in the build result (after doing meteor build --server-only).

which is located at /bundle/programs/server/app/app.js. So I’m certain that the parameters are passed on correctly as was specified in “”, yet when I call updateOwnBasicInfo frequently, I get a 423 error saying:

So apparently, passing a rateLimiterOptions : false does not work for updateOwnBasicInfo. I would like to know if there are other ways to eliminate the limiter, or if it is simply impossible for a user to update their nickname frequently.


You can disable the entire Rate Limit, changing the option or giving the user the by pass rate limit permission.

I still don’t understand why you need to change the code for that.

I have a dev environment were I needed to disable this, and it has worked fine: