feat(dashboard): update key ratelimits through api sdk#6594
Conversation
d13872a to
8ea725b
Compare
52c662c to
68dd16f
Compare
68dd16f to
c7aaa95
Compare
8ea725b to
2edc891
Compare
2edc891 to
feff938
Compare
c7aaa95 to
44d7744
Compare
feff938 to
efbfea2
Compare
44d7744 to
0b536fa
Compare
efbfea2 to
f1027eb
Compare
0b536fa to
c1ed212
Compare
c1ed212 to
aece5fc
Compare
f1027eb to
111e7bc
Compare
aece5fc to
7bc26e1
Compare
111e7bc to
15a19e8
Compare
15a19e8 to
eba63f0
Compare
7bc26e1 to
157d68a
Compare
eba63f0 to
d43d518
Compare
157d68a to
717dfbc
Compare
d43d518 to
6c91d58
Compare
717dfbc to
5e84776
Compare
…onark/dashboard-sdk-update-key-ratelimits
There was a problem hiding this comment.
✅ No new issues found.
Reviewed changes — routes dashboard key ratelimit edits through the public API SDK (keys.updateKey), replacing the bespoke tRPC route, following the same pattern already used for credits, external-id, metadata, and expiration.
- Migrate
useEditKeyRatelimitsto the SDK —hooks/use-edit-ratelimits.tsnow callsgetUnkeyClient().keys.updateKey({ keyId, ratelimits })via a plainuseMutation, mapping form rules to{ name, limit, duration: rule.refillInterval, autoApply }. - Clear on disable — sends an empty (non-nil)
ratelimits: []when limits are disabled, which the v2 handler treats as "delete all existing rules." - Toast/cache wiring —
onSuccessreadsvariables.keyId(wasdata.keyId) and invalidatestrpcUtils.api.keys.list;onErroruses the sharedgetErrorMessagehelper. - Remove legacy route — deletes
lib/trpc/routers/key/updateRatelimit.tsand itskey.update.ratelimitregistration inrouters/index.ts. - Comment rename —
edit-ratelimits/index.tsxcomment updateduseEditRatelimits→useEditKeyRatelimits.
I verified the load-bearing API contract against svc/api/routes/v2_keys_update_key/handler.go: ratelimit reconciliation is gated on req.Ratelimits != nil and keyed by name, so an empty non-nil array clears all rules (disabled path) and a populated array performs a full delete-missing + upsert (enabled path) — matching the old tRPC behavior. The mapped field names and types line up with the SDK RatelimitRequest schema.
Two non-blocking observations, both inherited from the broader SDK-migration effort rather than introduced here:
- The v2 API reconciles ratelimits by name, so renaming a rule is a delete + recreate (the row id and created timestamp reset). This differs from the old id-keyed tRPC path but is how every v2 client behaves.
- The removed tRPC route emitted a
ratelimit.updateaudit event with per-rule metadata; the v2 handler's ratelimit block emits no ratelimit-specific audit event. This granular audit trail is lost — consistent with the credits/external-id migrations, so likely intentional, but worth confirming that dropping the per-rule audit detail is acceptable.
@v0 or keep the SHA fresh with Dependabot | View workflow run | Using Claude Opus | 𝕏

What changed
keys.updateKeyratelimitspayloadratelimitsarray when limits are disabled so the API clears existing ruleskey.update.ratelimittRPC routeVerification
Change ratelimits of a key in the dashboard