Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maybe we can add throttling to the API #25

Open
jllorencetti opened this issue Jul 10, 2016 · 4 comments
Open

Maybe we can add throttling to the API #25

jllorencetti opened this issue Jul 10, 2016 · 4 comments

Comments

@jllorencetti
Copy link
Owner

Now that #18 is done, maybe it'd be a good idea to add throttling to the API, here.

For now I don't think that we really need some great values, probably 1/minute will be fine.
@cuducos
Copy link
Contributor

cuducos commented Jul 20, 2016

I'm not really sure about what it really means:

Before running the main body of the view each throttle in the list is checked. If any throttle check fails an exceptions.Throttled exception will be raised, and the main body of the view will not run.

Does it really block access to data (responding the request with a 4XX HTTP status?) or it just returns cached data?

As we have only GET entry points to the API so far (I mean, people do not send data to Pets), I would limit access (i.e. save resources) by recurring to a cache, but not blocking access to data:

  • Once there is a request, the response is saved in Redis or something like that;
  • For the next few minutes (hours?) every request to the same entry point respond with the cached response, not really accessing the view, the database and so on…
  • The first request after a few minutes (hours?) generate a new cached version, valid for the next interval and so on.

I use this approach with the news in Cunha já caiu? (in the backend there is requests, requests-cache and Redis).

@jllorencetti
Copy link
Owner Author

Hey @cuducos thanks again!

The idea behind the throttling suggestion is not about saving resources, to be honest.
It's more about helping others be better internet citizens, and choosing a reasonable refresh rate.

I mean, at the moment the only website using the code is really small, we usually get a new pet once per week or even less. So there isn't much point refreshing, let's say, every second.
With this in mind I'd probably prefer to put some kind of "road block" and deny access to the data in cases of "abuse".

This way I hope that if someone come across the API, decide to create an app for it, using a production website to test it, they will probably hit the rate and hopefully change the rate refresh. But sure, it's just speculation from my side.

Hopefully we'll face a time that we''ll need a cache system in place, but I don't think that this is case here.

What do you think about it?

@cuducos
Copy link
Contributor

cuducos commented Jul 21, 2016

Ok… I get it. I think my mind just plan on needs & requirements, so that's why I misunderstood you. But I do get your point and I'm willing to experiment with this feature from Django REST Framework — so this might be my next commit. Can't promise anything soon, unfortunately.

@jllorencetti
Copy link
Owner Author

@cuducos no problem!
Take your time, the help is much appreciated. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jllorencetti @cuducos