Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What are common ways of implementing web API request throttling/rate-limiting?

What are common ways of implementing web API request throttling? Are there any libraries for common web frameworks (Rails, Django, Java, etc.) that give you this along with temporary banning?

A related question suggests that the rate limiting is done at the web server by limiting requests by IP, but that would mean that all requests are treated equally. It seems like throttling needs to be handled by the application because:

  1. Some API calls may have different rate limits (e.g. an autocompletion API would have a higher limit than other calls)
  2. Temporary banning by API key can't be handled by the web server
  3. Requests coming from behind a proxy are treated the same (?)

related questions: here, here, and here

like image 651
Ken Liu Avatar asked Feb 24 '10 15:02

Ken Liu


2 Answers

Django-Piston has some neat throttling in there. Check out the source http://bitbucket.org/jespern/django-piston/wiki/Home

like image 145
Steve Jalim Avatar answered Oct 18 '22 16:10

Steve Jalim


You might also want to use tools like IPtables (linux) to hard limit some of the incoming traffic. There are also third party services like 3scale (http://www.3scale.net - disclaimer - I work for them :-) ) which allow to keep track of and manage all the usage limits you want to apply to traffic on a per-user basis.

like image 41
steve Avatar answered Oct 18 '22 14:10

steve