What are common ways of implementing web API request throttling/rate-limiting?
What are common ways of implementing web API request throttling? Are there any libraries for common web frameworks (Rails, Django, Java, etc.) that give you this along with temporary banning?
A related question suggests that the rate limiting is done at the web server by limiting requests by IP, but开发者_开发知识库 that would mean that all requests are treated equally. It seems like throttling needs to be handled by the application because:
- Some API calls may have different rate limits (e.g. an autocompletion API would have a higher limit than other calls)
- Temporary banning by API key can't be handled by the web server
- Requests coming from behind a proxy are treated the same (?)
related questions: here, here, and here
Django-Piston has some neat throttling in there. Check out the source http://bitbucket.org/jespern/django-piston/wiki/Home
You might also want to use tools like IPtables (linux) to hard limit some of the incoming traffic. There are also third party services like 3scale (http://www.3scale.net - disclaimer - I work for them :-) ) which allow to keep track of and manage all the usage limits you want to apply to traffic on a per-user basis.
精彩评论