user3487181

Reputation: 57

How to prevent the overload/overuse on a (web) API endpoint?

Let's say I have a web server up and running with an API endpoint (for example .../post) which allows a user to create something (and save it into the database). Someone could use a loop to send a huge number of requests to that endpoint, and the database will end up having rubbish data.

What is considered the best practice to protect an endpoint from being overused/overloaded by someone (hacker) in order to prevent a database overflow?

Upvotes: 3

Views: 2085

Answers (2)

Jack TC

Reputation: 344

One approach is to distribute API keys such that each API user has their own key to be used like a password, and when you discover one is being abused you could revoke their previous data entries to the system. If you do even a cursory Google search for API security, you get lots of useful links (like this one).

Upvotes: 1

Joanvo

Reputation: 5827

I would recommend user or IP filtering. Basically, keep track of every request and if someone exceeds a certain number, do not allow further requests.

You can implement it on your own by keeping track of the number of requests of every user or IP, or you can use some already-built code like Rack::Attack.

Upvotes: 2
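The per-IP request counting described in the answer above, written out as an added example that is not part of either answer and is not Rack::Attack's code. The class name `RequestThrottle`, the limits, the stand-in app and the sample addresses are assumptions made for illustration.

```ruby
# Fixed-window request counter per client, shaped as Rack middleware
# (an object with call(env) returning [status, headers, body]).
class RequestThrottle
  def initialize(app, limit: 5, period: 60, clock: -> { Time.now.to_i })
    @app = app
    @limit = limit    # max requests per client per window
    @period = period  # window length in seconds
    @clock = clock    # injectable so the behaviour can be tested
    @counts = {}      # [client, window index] => request count
    @lock = Mutex.new
  end

  def call(env)
    # Keyed on the peer address; behind a reverse proxy this is the proxy,
    # so key on an authenticated user id or API key there instead.
    client = env['REMOTE_ADDR']
    now = @clock.call
    window = now / @period
    count = @lock.synchronize do
      @counts.delete_if { |(_, w), _| w < window } # drop expired windows
      @counts[[client, window]] = @counts.fetch([client, window], 0) + 1
    end
    if count > @limit
      # Reject before the request reaches the app, so nothing is written.
      retry_after = (window + 1) * @period - now
      headers = { 'content-type' => 'text/plain', 'retry-after' => retry_after.to_s }
      return [429, headers, ["Rate limit exceeded\n"]]
    end
    @app.call(env)
  end
end

# Constructed demo: a stand-in "create" endpoint and a burst from two addresses.
def demo_statuses
  t = 1_000
  app = ->(_env) { [201, { 'content-type' => 'text/plain' }, ["created\n"]] }
  throttle = RequestThrottle.new(app, limit: 3, period: 60, clock: -> { t })
  hit = ->(ip) { throttle.call('REMOTE_ADDR' => ip)[0] }
  burst = Array.new(5) { hit.call('203.0.113.7') } # same client, same window
  other = hit.call('198.51.100.9')                 # different client
  t += 60                                          # move to the next window
  later = hit.call('203.0.113.7')
  [burst, other, later]
end

p demo_statuses if __FILE__ == $PROGRAM_NAME
```

The counters live in one process's memory, so several app servers would each enforce their own limit unless the counts are moved to a shared store.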
