Questions tagged [rate-limiting]
14 questions
21
votes
4 answers
Rate limiting *un*-authenticated requests
Say we have a load balancer that also does rate limiting. Rate limiting seems pretty straightforward for logged-in users - just look at the JWT and maybe use an in-memory data-store to see how many requests in the last 10 seconds for that…
user290257
6
votes
3 answers
How to communicate API Limit between multiple applications?
We currently have 3 Spring boot applications (with multiple instances across machines each) that communicate with an API via HTTP that is not in our hands.
This API has a limit on a per-day as well as on a per-month basis.
When this limit is reached…
Raildex
- 171
3
votes
2 answers
What is the difference between Leaky bucket and Token bucket approach during rate limiting?
I am researching rate limiting and encountered those two strategies: leaky bucket and token bucket. After reading several articles these strategies seem the same too me, but all articles are mentioning different pros and cons for those approaches so…
Sankozi
- 161
3
votes
3 answers
Handling rate limits / delays in consumers without affecting performance of other operations
I have a producer that generates a batch job that consists of multiple operations (approx. 100 - 10000). These operations can be processed in any order, ideally as fast as possible.
The processing of the operations involves making several API calls…
Marian Galik
- 141
1
vote
1 answer
Pattern to limit message queue processing based on external API throttling
I have a project where there's an external API which implements throttling. Roughly speaking, I'm allowed to perform N requests per minute. I also have a message queue (Apache Kafka) whose consumers consume API requests: a consumer receives an API…
Yos
- 167
1
vote
2 answers
Does API Rate Limiting Violate REST Methodology?
Information given here adequately explains the "Stateless" nature of REST. Even going as far as to say:
For becoming stateless, do not store even authentication/authorization details of client. Provide credentials with the request. Each request…
Jacob Blomquist
- 121
1
vote
2 answers
How to limit the amount of requests by minute to a external system on a micro services environment?
I'm having some problems to think on a solution to control the amount of requests by minute to a external system on a micro services environment on Kubernetes.
The scenario
This external system is an e-mail marketing application (called Responsys)…
Dherik
- 2,504
0
votes
3 answers
Modeling “Limits”
Let’s say a person can set a limit to play a game for N minutes a day. The player may increase their limit, but the increase doesn’t take effect until the next day.
Example, person sets a limit of 10 minutes a day on Monday. They increase it on…
Kevin Meredith
- 557
0
votes
0 answers
Dealing with third party api rate limit when using multiple services
I have 1 api key that has a rate limit 1000req/1min.
I would like to somehow use 50% of that limit in service 1 and 50% of that limit in service 2. Let's say they're just 2 separate processes using the same api key. How could I implement…
Konrad
- 1,569
0
votes
4 answers
Best practices for calling from one microservice to another in a loop
Let's assume we have a use case where ServiceA needs to make several calls to ServiceB. I know it would be best if the calls could be consolidated as one request, but let's say that's just not possible for this use case.
My question is who should…
cppNoob
- 101
0
votes
1 answer
Should REST API rate limiting specifics be told to the caller?
I have an REST API, which has a rate limit of 1 query per IP per 5 seconds. When the user tries to call the API too often, I respond with the HTTP status code 429 Too Many Requests and a JSON message.
Now the question is, should I tell my API…
ruohola
- 233
- 2
- 12
0
votes
1 answer
How to reduce DoS and DDoS attacks in an authenticated web server
I came up with an model to reduce DoS and DDoS attacks and would like your input on its effectiveness...
Basically, once a request reaches our servers without having a valid key, we add a key as a query parameter of the url, then return a redirect…
McKabue
- 107
-2
votes
1 answer
Rate limiting design
I am designing rate limiting in my application in which the rules can be dynamic. I have a basic design in which every request is validated against the rate limiting quota, which is stored in redis. As the system scales, redis will become the…
Sandeep
- 199
-2
votes
1 answer
Smooth out requests to rate limitted API
wasted requests not enough time for those requests
| |
| |
(1) |-x--x-----------------x----x--x--x| x x (executing requests)
.. . …
Tekno
- 101