API request limit

Question

I'm designing an API for my web application and I want to limit the number of requests a user (with unique token) can make. How can I design it such that the number of requests made is incremented by 1 after each request, but also avoids inconsistencies, such as when a user makes another request before I've updated the request counter?

Answer 1

It will depend on the data store you ultimately decide to use and how you implement incrementing the counter value. SQLite is transactional, so it will follow the ACID properties. You'll need to make sure that the application logic isolates the transactions properly, i.e. you can't retrieve the current value of the counter from the database, take some actions, and then increment it and update the data store. I imagine allowing the data store to handle the incrementation of the value directly would probably be best, e.g. SQLite - increase value by a certain number

The following is very specific to your question, and might be helpful: How To Rate-Limit An API