Configure rate limiting on certain API endpoints

  • Author: Janika Ruoranen
  • Date / Version: 19/02/2024

User roles

  1. Dev
  2. Test

Prerequisites / Conditions

  1. The API endpoints to be rate-limited should be identified.
  2. The maximum allowed rate and time window for the rate limit should be determined.

Use Case Diagram

(UML use case diagram)

Description of use case (e.g. modify existing request)

  1. The development team identifies specific API endpoints that require rate limiting to prevent abuse or overload of the system.
  2. The team configures the rate-limiting rules for each identified endpoint, specifying the maximum number of requests allowed within a certain time window (e.g., 100 requests per minute).
  3. The rate-limiting configuration is implemented using the FEA402 API limiting functionality, which allows for precise control over request rates and limits.
  4. Once configured, the rate-limiting settings are deployed to the production environment.
  5. During testing, the team monitors the API endpoints to ensure that the rate limiting is functioning as expected and that requests exceeding the defined limits are appropriately handled.

Exceptions

  • E1: If the rate-limiting configuration is not properly applied to the API endpoints, it may lead to performance issues or potential service disruptions.

  • E2: If the rate-limiting rules are too strict, legitimate users may encounter difficulty accessing the API, resulting in a poor user experience.

Result

  • The configured rate limiting ensures that the specified API endpoints are protected against excessive traffic and potential abuse.

  • Requests exceeding the defined rate limits are appropriately throttled or rejected, preventing system overload and maintaining stability.

Use frequency

  • The use case for configuring rate limiting on API endpoints may occur whenever new endpoints are introduced or existing ones require additional protection against excessive traffic. The frequency depends on the rate of development and changes to the API infrastructure.

Additional information

  • Rate limiting is a crucial aspect of API management, helping to maintain system stability, prevent abuse, and ensure fair access for all users.

  • API rate limiting was implemented using the token bucket method and express-rate-limit, so that both individual IP addresses and the system as a whole are protected against excessive traffic.
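As an added illustration (not code from this wiki page or from express-rate-limit), the token bucket method named above implemented in plain JavaScript, with one bucket per client IP and one global bucket so that a single client and the whole system are both limited; the limits, IP addresses and timings below are constructed sample values.

```javascript
// Added example, not code from the original wiki page or from express-rate-limit:
// a token-bucket limiter keyed per client IP plus one global bucket, mirroring the
// "100 requests per minute" rule and the per-IP / whole-system protection described
// above. Limits and IPs are constructed sample values; time is passed in explicitly
// so behaviour is deterministic and testable.

class TokenBucket {
  constructor(capacity, windowMs) {
    this.capacity = capacity;               // max requests per window (burst size)
    this.refillPerMs = capacity / windowMs; // tokens restored per millisecond
    this.tokens = capacity;                 // a new bucket starts full
    this.lastMs = 0;
  }

  // Refill by elapsed time (never above capacity), then try to spend one token.
  tryRemove(nowMs) {
    const elapsed = Math.max(0, nowMs - this.lastMs);
    this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.refillPerMs);
    this.lastMs = nowMs;
    if (this.tokens < 1) return false;
    this.tokens -= 1;
    return true;
  }
}

class RateLimiter {
  // perIp guards against one abusive client; global guards the system as a whole.
  constructor({ perIp = { limit: 100, windowMs: 60000 },
                global = { limit: 1000, windowMs: 60000 } } = {}) {
    this.perIp = perIp;
    this.buckets = new Map();               // one bucket per client IP
    this.globalBucket = new TokenBucket(global.limit, global.windowMs);
  }

  bucketFor(ip) {
    if (!this.buckets.has(ip)) {
      this.buckets.set(ip, new TokenBucket(this.perIp.limit, this.perIp.windowMs));
    }
    return this.buckets.get(ip);
  }

  // Returns { allowed, reason } so a 429 handler can log which limit fired. Per-IP is
  // checked first, so a client rejected by its own bucket never drains the global one.
  check(ip, nowMs) {
    if (!this.bucketFor(ip).tryRemove(nowMs)) return { allowed: false, reason: 'ip' };
    if (!this.globalBucket.tryRemove(nowMs)) return { allowed: false, reason: 'global' };
    return { allowed: true, reason: null };
  }
}
```

In an Express application the same `check` would run in a middleware before the route handler, answering HTTP 429 when `allowed` is false; express-rate-limit packages that wiring for you.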

Sources

This wiki document is based on the public administration recommendations.

Thanks to the original authors.