Rate Limit not working with Python-JIRA version

Hi all,
We are using JIRA Data Center 8.13.9.
This question relates to Rate Limit and the Python-JIRA package.
We have enabled the Rate Limit feature - we have blocked all users but a single one, and that user got 4 tokens a minute.

When accessing JIRA using the REST API directly, the user is blocked after 4 calls until the next timeframe,
but when we are using the Python-JIRA package we are able to send unlimited calls and make more than 4 changes with that user.

This is surprising, as I understand that the Python-JIRA package is using REST calls.

Has anyone tried this use case, and/or can anyone explain/test it?


I have run into this bug as well. Atlassian is tracking it here, but it’s not being given the right level of priority based on its impact: JRASERVER-70560 - Initial requests cause subsequent requests to be not rate limited for some REST client tools

XSRF token reuse in the python client is what allows rate limiting to be bypassed. I haven’t been able to figure out a way to prevent the python client from using this so far.

Thanks for this info - I see it as a security risk - in my case it slows the DC to the point that it crashes - I’ll try to escalate from my end.