Software Engineering Stack Exchange
Software Engineering Stack Exchange

Questions tagged [rate-limiting]

9 questions
19
votes
4 answers

Rate limiting *un*-authenticated requests

Say we have a load balancer that also does rate limiting. Rate limiting seems pretty straightforward for logged-in users - just look at the JWT and maybe use an in-memory data-store to see how many requests in the last 10 seconds for that…
user290257
1
vote
1 answer

Pattern to limit message queue processing based on external API throttling

I have a project where there's an external API which implements throttling. Roughly speaking, I'm allowed to perform N requests per minute. I also have a message queue (Apache Kafka) whose consumers consume API requests: a consumer receives an API…
Yos
  • 155
  • 1
  • 10
1
vote
2 answers

Does API Rate Limiting Violate REST Methodology?

Information given here adequately explains the "Stateless" nature of REST. Even going as far as to say: For becoming stateless, do not store even authentication/authorization details of client. Provide credentials with the request. Each request…
Jacob Blomquist
  • 121
  • 4
1
vote
2 answers

How to limit the amount of requests by minute to a external system on a micro services environment?

I'm having some problems to think on a solution to control the amount of requests by minute to a external system on a micro services environment on Kubernetes. The scenario This external system is an e-mail marketing application (called Responsys)…
Dherik
  • 2,406
  • 20
  • 33
0
votes
0 answers

Dealing with third party api rate limit when using multiple services

I have 1 api key that has a rate limit 1000req/1min. I would like to somehow use 50% of that limit in service 1 and 50% of that limit in service 2. Let's say they're just 2 separate processes using the same api key. How could I implement…
Konrad
  • 1,529
  • 2
  • 17
  • 32
0
votes
4 answers

Best practices for calling from one microservice to another in a loop

Let's assume we have a use case where ServiceA needs to make several calls to ServiceB. I know it would be best if the calls could be consolidated as one request, but let's say that's just not possible for this use case. My question is who should…
cppNoob
  • 101
  • 1
0
votes
1 answer

Should REST API rate limiting specifics be told to the caller?

I have an REST API, which has a rate limit of 1 query per IP per 5 seconds. When the user tries to call the API too often, I respond with the HTTP status code 429 Too Many Requests and a JSON message. Now the question is, should I tell my API…
ruohola
  • 223
  • 2
  • 12
0
votes
1 answer

How to reduce DoS and DDoS attacks in an authenticated web server

I came up with an model to reduce DoS and DDoS attacks and would like your input on its effectiveness... Basically, once a request reaches our servers without having a valid key, we add a key as a query parameter of the url, then return a redirect…
McKabue
  • 107
  • 2
-2
votes
1 answer

Smooth out requests to rate limitted API

wasted requests not enough time for those requests | | | | (1) |-x--x-----------------x----x--x--x| x x (executing requests) .. . …
Maxxik CZ
  • 101
  • 1