API rate limits can be customized per organization

Custom API rate limits and burst allowances can be configured for individual organizations through a new back-office interface.
Standard API rate limits do not work for every customer. High-volume tenants often need exceptions to keep their integrations running smoothly without hitting throttling ceilings.
API rate limits can now be customized on a per-organization basis. From a new back-office dashboard in the webapp, the system default can be overridden by setting a refill rate, interval, and burst allowance for a specific tenant. A real-time, plain-English preview calculates the resulting sustained rate so the limit can be checked before saving.
Support flows are simplified, as enterprise exceptions can be granted immediately without requiring direct database access or code deployments.
View Original GitHub Description
Summary
- New Back office tab at /admin, per-org detail page at /admin/back-office/orgs/:orgId designed to host future per-org admin actions (project count, delete account, YC deals).
- First action: edit an organization's API rate limit — tokenBucket override (refill rate, interval, max tokens), with a live plain-English preview (e.g. "1,500 requests per minute · 750 request burst allowance"). Writes are audit-logged via the server logger.
- Cleanup: removed unused v2?/v3? columns from the admin orgs list (display only — Prisma select untouched).
Test plan
- Back office tab visible in admin nav and highlighted when on a sub-route
- /admin/orgs shows a Back office "Open" link per row; no v2/v3 columns
- Empty state at /admin/back-office links back to /admin/orgs
- Detail page renders the effective rate limit in view mode; Edit reveals the form
- Save writes Organization.apiRateLimiterConfig, returns to view mode, shows "Rate limit saved." banner
- Invalid values surface inline field errors and keep edit mode
- Non-admins hitting any new route are redirected to /
- Server logs show admin.backOffice.rateLimit info line per mutation
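
A sketch of the server-side validation, sustained-rate preview and audit entry described above, as an added example that is not the project's own code. The field names, the ceilings and the audit-entry shape are assumptions; only the event name admin.backOffice.rateLimit and the preview wording come from the page.

```typescript
// Added example: field names, ceilings and the audit-entry shape are assumptions.
type TokenBucket = { refillRate: number; intervalMs: number; maxTokens: number };
type FieldErrors = Partial<Record<keyof TokenBucket, string>>;
type Result = { ok: true; value: TokenBucket } | { ok: false; errors: FieldErrors };

// Assumed upper bounds so a typo cannot effectively disable throttling for a tenant.
const CEILING: TokenBucket = { refillRate: 100_000, intervalMs: 86_400_000, maxTokens: 1_000_000 };
const FIELDS = ["refillRate", "intervalMs", "maxTokens"] as const;

// Validate untrusted form input on the server; return per-field errors for inline display.
function validateOverride(input: Record<string, unknown>): Result {
  const errors: FieldErrors = {};
  const value = { refillRate: 0, intervalMs: 0, maxTokens: 0 };
  for (const f of FIELDS) {
    const v = input[f];
    // Strings, floats, NaN, zero and negatives are all rejected, never coerced.
    if (typeof v !== "number" || !Number.isSafeInteger(v) || v <= 0) {
      errors[f] = "must be a positive whole number";
    } else if (v > CEILING[f]) {
      errors[f] = `must be at most ${CEILING[f]}`;
    } else {
      value[f] = v;
    }
  }
  return Object.keys(errors).length ? { ok: false, errors } : { ok: true, value };
}

// Plain-English preview: sustained rate normalised to one minute, plus the burst size.
function previewLimit(c: TokenBucket): string {
  const perMinute = (c.refillRate * 60_000) / c.intervalMs;
  const fmt = (n: number) => n.toLocaleString("en-US", { maximumFractionDigits: 2 });
  return `${fmt(perMinute)} requests per minute · ${fmt(c.maxTokens)} request burst allowance`;
}

// Audit entry recording who changed which org's limit, with before and after values.
function auditEntry(adminId: string, orgId: string, before: TokenBucket | null, after: TokenBucket) {
  return { event: "admin.backOffice.rateLimit", level: "info", adminId, orgId, before, after };
}
```

Logging the previous value next to the new one lets a reviewer reconstruct every override from the server logs alone.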