From 079dd47df2c9a940f10487795c95dfc7ebd35bb6 Mon Sep 17 00:00:00 2001
From: Edward Oliveira
Date: Wed, 13 May 2026 17:04:45 -0300
Subject: [PATCH] Raise API rate limit threshold and relax quotas
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- API_RATE_LIMIT_THRESHOLD: 35 → 120 req/min
- API_RATE_LIMIT_BLOCK_SECONDS: 300 → 60 s
- API_QUOTA_DAILY: 1 000 → 100 000
- API_QUOTA_WEEKLY: 7 000 → 700 000 (7× daily)
Co-Authored-By: Claude Sonnet 4.6
---
 sapl/settings.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sapl/settings.py b/sapl/settings.py
index 58e8bd208..adb77dd31 100644
--- a/sapl/settings.py
+++ b/sapl/settings.py
@@ -439,15 +439,15 @@ RATE_LIMIT_BYPASS_PATHS = [
 # API quota — daily and weekly call caps for all /api/ callers (anon and auth).
 # All callers are keyed by IP — auth status is not checked.
 # Weekly default is 7× the daily cap.
-API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=1000, cast=int)
-API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=7000, cast=int)
+API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=100000, cast=int)
+API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=700000, cast=int)
 
 # API-specific per-minute rate limit for external (non-same-origin) anonymous calls.
 # Abuse writes rl:api:ip::blocked only — never rl:ip::blocked.
 API_RATE_LIMIT_ENABLED = config('API_RATE_LIMIT_ENABLED', default=True, cast=bool)
-API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=35, cast=int)
+API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=120, cast=int)
 API_RATE_LIMIT_WINDOW_SECONDS = config('API_RATE_LIMIT_WINDOW_SECONDS', default=60, cast=int)
-API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=300, cast=int)
+API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=60, cast=int)
 API_RATE_LIMIT_SAME_ORIGIN_BYPASS = config('API_RATE_LIMIT_SAME_ORIGIN_BYPASS', default=True, cast=bool)
 
 # Media file serving — serve_media (sapl/base/media.py) via X-Accel-Redirect.
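Review bot: The new `API_RATE_LIMIT_BLOCK_SECONDS` default of 60 equals `API_RATE_LIMIT_WINDOW_SECONDS`, so a blocked address is released after a single window and the block adds little beyond the per-minute threshold itself. Together with the 100× larger `API_QUOTA_DAILY` and `API_QUOTA_WEEKLY` defaults, this loosens throttling for every deployment that does not set these variables, and the comment above notes that callers are keyed by IP with auth status not checked. Since each value is already read through `config()`, consider keeping the stricter defaults and raising them per deployment through the environment, or record the reason next to the values, e.g. `# Defaults sized for <expected client load>; block time intentionally equals one window.` The weekly default could also be derived so it cannot drift from the "7× the daily cap" comment: `API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=7 * API_QUOTA_DAILY, cast=int)`. How the middleware consumes these values is outside this hunk, so the effective behaviour should be confirmed there.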