API Limits and Access Tokens

GitHub, Bitbucket and GitLab enforce rate limits on their APIs, meaning the number of requests sent from your website to their API must be limited. To manage this, WP Repo Releases employs two mechanisms: caching and the use of access tokens.

Caching

Caching effectively reduces the number of requests sent to the GitHub and Bitbucket APIs. For more information, please refer to the Caching article.

Access Tokens

Access tokens serve to authenticate your server with the GitHub and Bitbucket APIs. You can generate these tokens in your account settings on their respective platforms:

GitHub

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic

Please make sure to grant these scopes to the access token:

Bitbucket

https://support.atlassian.com/bitbucket-cloud/docs/create-a-repository-access-token/

Please make sure to grant these scopes to the access token:

GitLab

https://gitlab.com/-/user_settings/personal_access_tokens

Click on “Add new token” and grant access to the “read_api” scope. We recommend removing the expiration date, because WP Repo Releases will stop working once the token expires.
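A quick check that a GitLab token matches the setup described above, as an added example (not part of WP Repo Releases). It audits the JSON that GitLab's `GET /api/v4/personal_access_tokens/self` endpoint returns for the token; the sample response, the `audit_token` name and the 30-day warning window are assumptions made for illustration.

```python
import json
from datetime import date

REQUIRED_SCOPES = {"read_api"}  # the scope this page asks for
WARN_DAYS = 30                  # assumed warning window, adjust as needed

# Constructed sample of the JSON GitLab returns for
# GET /api/v4/personal_access_tokens/self (header: PRIVATE-TOKEN: <token>)
SAMPLE = json.loads("""
{"id": 1, "name": "wp-repo-releases", "revoked": false, "active": true,
 "scopes": ["api", "read_api"], "expires_at": "2025-07-01"}
""")

def audit_token(info, today):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if info.get("revoked") or not info.get("active", False):
        findings.append("token is revoked or inactive")
    scopes = set(info.get("scopes", []))
    missing = REQUIRED_SCOPES - scopes
    extra = scopes - REQUIRED_SCOPES
    if missing:
        findings.append("missing scope(s): " + ", ".join(sorted(missing)))
    if extra:
        # Anything beyond read_api is more privilege than this setup needs.
        findings.append("unneeded scope(s): " + ", ".join(sorted(extra)))
    expires = info.get("expires_at")
    if expires is None:
        findings.append("no expiry set: token stays valid until revoked")
    else:
        days_left = (date.fromisoformat(expires) - today).days
        if days_left < 0:
            findings.append("token expired")
        elif days_left <= WARN_DAYS:
            findings.append(f"expires in {days_left} day(s)")
    return findings

if __name__ == "__main__":
    for line in audit_token(SAMPLE, date(2025, 6, 20)):
        print(line)
```
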

Private Repositories

Please be aware: accessing private repositories always requires an access token.

Accessing private repositories comes with certain limits:

  • Displaying private resources, such as images in the release notes, is not possible.
  • Allowing users to open links to release pages is also not feasible, as these pages are private. We recommend disabling these links.
  • Enabling users to download release artifacts is not possible; therefore, we advise turning off download links.