API Limits and Access Tokens
Documentation › API Limits and Access Tokens
GitHub, Bitbucket and GitLab enforce rate limits on their APIs, meaning the number of requests sent from your website to their API must be limited. To manage this, WP Repo Releases employs two mechanisms: caching and the use of access tokens.
Caching
Caching effectively reduces the number of requests sent to the GitHub and Bitbucket APIs. For more information, please refer to the Caching article.
Access Tokens
Access tokens serve to authenticate your server with the GitHub and Bitbucket APIs. You can generate these tokens in your account settings on their respective platforms:
Github
Please make sure to grant these scopes to the access token:
Bitbucket
https://support.atlassian.com/bitbucket-cloud/docs/create-a-repository-access-token/
Please make sure to grant these scopes to the access token:
GitLab
https://gitlab.com/-/user_settings/personal_access_tokens
Click on “Add new token” and grant access to the “read_api” scope. We recommend removing the expiration date because WP Repo Releases will not be able to work after this date.
Private Repositories
Please be aware: To access private repositories, the use of access tokens is always required.
Accessing private repositories comes with certain limits:
- Displaying private resources, such as images in the release notes, is not possible.
- Allowing users to open links to release pages is also not feasible, as these pages are private. We recommend disabling these links.
- Enabling users to download release artifacts is not possible; therefore, we advise turning off download links.