Composer API limit at GitHub

When using Composer for your dependency management and getting some of those dependencies from GitHub, there is a risk that you run out of API requests at GitHub. Since 14 October 2012 GitHub limits unauthenticated requests. By default Composer does not use authentication, and if you exceed this limit you will be blocked for a while!

A bit of background

Composer is a dependency manager for PHP. It is used (among others) by Symfony 2 and the Zend Framework. You define your dependencies, possibly add repositories, and Composer pulls in what you need. It is one of the best things that has happened to PHP, and opens up a world of new possibilities.

We started using it a long time ago, but only for Symfony 2.1 applications. After going to PHPBenelux 2013 and seeing the talk on Composer, our usage intensified. For instance, we’ve now published the form twig bridge.

A while ago there was a change that required everyone to install new dependencies. An e-mail was sent to all developers, and everyone started updating. This caused us to go over the so-called rate limit at GitHub. It ate through the Composer API limit at GitHub. According to the Symfony 2 schedule, the release of Symfony 2.2 is coming up. This will make the problem urgent once again.

Increasing the composer API limit

Luckily there is a solution to this problem. As you can see in the GitHub API documentation, the limit increases to 5000 when you’re authenticated. There are two steps: first you create the token, and then you tell Composer to use it.

The first step is a curl request to create an OAuth token:

curl -u 'githubuser' \
-d '{"note":"GitHub OAuth token for composer"}' https://api.github.com/authorizations

Replace githubuser with the GitHub user that you’d like to use. Adjust the note to your liking. By not specifying any permissions you’re creating a read-only token, which is what you want Composer to use :-).

Once this command is executed, you should get back a JSON string with one important key, the token. This is a 40-character hash that you’ll need.

For the second step you have two choices. You can tell an individual user on one system to use the key by creating a file in ~/.composer/ called config.json (be sure to fill in your token):

{
   "config":{
      "github-oauth":{
         "github.com":"your token"
      }
   }
}

Alternatively you can also add it to the composer.json of your project:

{
   "require": {
      // Some requires
   },
   "config":{
      "github-oauth":{
         "github.com":"your token"
      }
   }
}

In the first case you have to ensure every user has set it up correctly; in the second case you have to check all your projects. We opted for the second option, since it would be a lot of work to add the keys for every developer.
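With the second option the token sits in a file that normally travels with the project into version control, so it helps to know which checkouts carry one. The script below is an added example, not code from the original post: it walks a directory tree and reports every config.github-oauth entry found in a composer.json or config.json, showing only the last four characters. The function names are hypothetical, and the 40-character lowercase hex pattern is an assumption based on the post's description of the token.

```python
import json
import os
import re
import sys

# The post describes the token as a 40-character hash; assume lowercase hex.
CLASSIC_TOKEN = re.compile(r"^[0-9a-f]{40}$")


def redact(token):
    """Show only the last 4 characters so the report does not leak the token."""
    return "*" * max(len(token) - 4, 0) + token[-4:]


def find_embedded_tokens(root):
    """Return (path, host, redacted, looks_real) for each config.github-oauth
    entry in any composer.json or config.json below `root`."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Skip VCS metadata and installed third-party packages.
        dirnames[:] = [d for d in dirnames if d not in (".git", "vendor")]
        for name in filenames:
            if name not in ("composer.json", "config.json"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    data = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or not valid JSON
            config = data.get("config") if isinstance(data, dict) else None
            oauth = config.get("github-oauth") if isinstance(config, dict) else None
            if not isinstance(oauth, dict):
                continue
            for host, token in sorted(oauth.items()):
                if isinstance(token, str) and token:
                    looks_real = bool(CLASSIC_TOKEN.match(token))
                    findings.append((path, host, redact(token), looks_real))
    return findings


if __name__ == "__main__":
    hits = find_embedded_tokens(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, host, shown, looks_real in hits:
        kind = "token" if looks_real else "placeholder?"
        print(f"{path}: github-oauth[{host}] = {shown} ({kind})")
    sys.exit(1 if hits else 0)
```

The exit status is non-zero when anything is found, so the script can run as a pre-commit or CI step.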

Since we applied this to each configuration we’ve had no more problems with the composer API limit at GitHub.
