I recently received an email from Confluence regarding API rate limiting for free apps. The email mentioned that all free apps must enforce API rate limiting due to fluctuating API request volumes. To ensure compliance, I need detailed information on the exact requirements.
Could you please clarify the following points:
Rate Limits
What are the exact rate limits (e.g., requests per minute/hour) that free apps should enforce?
Are the limits different for different APIs (e.g., REST, GraphQL)?
Mandatory Headers
What headers should be included in API requests for proper rate limiting?
Is there a specific way to handle rate-limited responses (e.g., Retry-After, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining headers)?
Best Practices
Are there recommended strategies for handling rate-limited requests (e.g., exponential backoff, queuing)?
Should apps proactively monitor API usage and adjust accordingly?
Policy Enforcement
Will Atlassian provide test environments to verify compliance before enforcement?
I appreciate your guidance on these requirements so I can update my app accordingly.