Rate Limiting?

Daniel Cooper
Nov 23, 2020


What is rate limiting?

Rate limiting is a way to control the flow of traffic on a network. It works by limiting the number of times a user can perform a task or hit the API. Here is an example: say a user is rapidly clicking the "try again" button, and every click pings the backend, putting stress on the server and increasing the amount of traffic on the network. With a rate limit of, let’s say, 50 requests/minute, if I make 51 requests within one minute, an error is triggered or the user is sent a message.

Why use rate limiting?

Here are a few reasons to use rate limiting. As I said earlier, it helps control the network’s traffic flow and keeps stress on the servers low. It also helps prevent bot attacks like DDoSing or brute force attacks, and it helps manage API usage and overloaded servers. That’s actually the reason this idea came to mind. Rate limiting an API has benefits for both the company and the user. The benefits for the company are the points I’ve already covered, along with other benefits I’m sure. The benefits for the user/customer are as follows: 1) Say the company offers a free number of API calls a day, but the user somehow writes an infinite loop that keeps calling the API and goes 34,000 over the free 1000. If the company had rate limiting of, say, 100 requests/minute, the user would be saved. 2) It would also help the user’s machine run a bit smoother.

An example of why rate limiting is a good choice.

A sad story and a hard lesson for my wallet.

How to implement rate limiting

While researching how to implement rate limiting, I came across two algorithms that seem somewhat user friendly. The two algorithms are Leaky Bucket and Fixed Window.

Leaky Bucket uses a queue, and as requests are made the queue fills up. Once the queue is full, all further requests are discarded, and since it is a queue, requests are handled first in, first out. The queue is like a bucket and the requests are the water: as they are completed, they leak from the bucket.

Fixed Window uses a window sized by time, so the window could be x seconds long. Each request raises a counter, and once the counter has reached its threshold for that window of time, no more requests are taken.
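Both algorithms described above, as an added Python example that is not part of the original post. The class names, the `clock` parameter (used so the timing can be controlled) and the client id `"user-1"` are assumptions made for illustration.

```python
import time
from collections import deque


class FixedWindowLimiter:
    """Allow at most `limit` requests per `window` seconds, per client."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.counters = {}  # client -> (window index, requests counted in it)

    def allow(self, client):
        index = int(self.clock() // self.window)
        seen_index, count = self.counters.get(client, (index, 0))
        if seen_index != index:   # a new window has started: reset the counter
            count = 0
        if count >= self.limit:   # threshold reached for this window: reject
            return False
        self.counters[client] = (index, count + 1)
        return True


class LeakyBucket:
    """FIFO queue of `capacity` requests that drains at `leak_rate` per second."""

    def __init__(self, capacity, leak_rate, clock=time.monotonic):
        self.capacity, self.leak_rate, self.clock = capacity, leak_rate, clock
        self.queue, self.last_leak = deque(), clock()

    def _leak(self):
        now = self.clock()
        leaked = int((now - self.last_leak) * self.leak_rate)
        for _ in range(min(leaked, len(self.queue))):
            self.queue.popleft()  # oldest request completes first (FIFO)
        # Keep the fractional remainder of elapsed time unless the bucket ran dry.
        self.last_leak = self.last_leak + leaked / self.leak_rate if self.queue else now

    def offer(self, request):
        self._leak()
        if len(self.queue) >= self.capacity:  # bucket is full: discard the request
            return False
        self.queue.append(request)
        return True


if __name__ == "__main__":
    # The post's 50 requests/minute limit, with a constructed clock frozen at t=0.
    limiter = FixedWindowLimiter(50, 60, clock=lambda: 0.0)
    print([limiter.allow("user-1") for _ in range(51)].count(False))  # prints 1
```

In a web API the `False` case is usually returned to the caller as HTTP 429 (Too Many Requests), and the per-client counters need to be expired so the dictionary does not grow without bound.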

This blog was inspired by an incident that happened to me where I was making an API call and something caused my browser to freeze and my app kept making API calls. So if you take anything from this blog, please start looking to see if your APIs are rate limited, or use free APIs only. I hope you learned something from this blog. As normal, all the links I used to research are going to be below.

Helpful links
