CODEWITHSUNDEEP
phpmysqlapilimit
Jeremy Dicaire
Jeremy Dicaire

Reputation: 4905

How to store api request count to a PHP script for fast reply to the client?

I recently asked here : How to know which website ask for an external image served by php?

A third party website request an image like:

<img src="http://www.myserver.com/mypage.php?api=APIKEY&text=some-text-here" alt=""/>

I need to limit the access for a specific api key on a hourly and daily basis.

Now I stored some data on a mysql DB:

id, apikey, limit_ip, limit_referer, limit_hour, limit_day

1, JFKHJSDLGHUFIE, 127.0.0.1, *, 250, 10000

<?php

//Verify Referer
if(
    !isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == "" ||
    !isset($_GET['apik']) || $_GET['apik'] == "" ||
    !isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] == "") {
        exit("API error, your referer informations aren't set");
} else {
    //Site referer
    $site = $_SERVER['HTTP_REFERER'];
    //Ip referer
    $ip = $_SERVER['REMOTE_ADDR'];
    //Get api key
    $apik = htmlentities($_GET['apik']);
    
    try
    {
        $options = array(
            PDO::MYSQL_ATTR_INIT_COMMAND    => "SET NAMES utf8"
        );
        //MySQL connection
        $bdd = new PDO('mysql:host=localhost;dbname=apitest', 'root', '', $options);
    }
    catch(Exception $e)
    {
        //If error, die
        die('Error: '.$e->getMessage());
    }
    
    
    //Lookup for the apikey in the database
    $answer = $bdd->query('SELECT * FROM apiCode WHERE apikey = "'.$apik.'" LIMIT 0,1');
    //Fetch settings for this api key
    while ($data = $answer->fetch()) {
        $limit_ip = $data['limit_ip'];
        $limit_referer = $data['limit_referer'];
        $limit_hour = $data['limit_hour'];
        $limit_day = $data['limit_day'];
    }
    
    //Verify API limits
    //Cookie, session, database? 
    
    
    //Return content
    echo "Api : Success!";
    
}

I think the best way is to create a table in the database like:

id, access_hour, access_day

Reset the access_hour field each hour with cron job, etc. but it will take much more time to serve the content because MySQL is so much sloooooww and it's better if it'S quick :).

Cookies will be stored on the remote computer so it is not reliable.

Session's duration are 15 minutes... so it's too short to store and limit access.

All statements from the above are from my point of view only.

My question is: how to store and limit the number of access for a specific API key hourly and daily without* affecting the serving speed?

Upvotes: 1

Views: 1939

Answers (1)

Gavin Towey
Gavin Towey

Reputation: 3200

I wouldn't put this data in mysql. You don't need durability, or persistance for this kind of information. It would be much better to use memcached, and use an algorithm like the following:

http://en.wikipedia.org/wiki/Leaky_bucket

Upvotes: 2

Related Questions