Rest Service enforced return limit

In our application we are opening up the rest services for external use for a number of different developers to program against. We are allowing users to hit the Entity services as well as pre-built API queries. What I don’t want to have happen is for some developer to bring the system to its knees by arbitrarily selecting EVERYTHING from a table. Is there a way to limit the number of objects that get returned per request, or somehow require that they use the limit parameter and validate that it doesn’t go higher than a number e.g. 500? This sounds like it would be a core setting somewhere but I haven’t been able to find it.


Actually, if no limit is specified in the REST API request to the entities controller or to the queries controller, then the number of returned entities will be limited by the maxFetchUI setting (read more here). By default, maxFetchUI value is 10000. You can change this value for particular entity type using the PersistenceManagerMBean. Will that work for you?

Another option is to override the EntitiesControllerManager and perform all required validations there.