wannabeartist

Reputation: 2833

How to implement rate limiting on an OAuth-protected REST API?

Are there any best practices for implementing rate limiting for an OAuth2-protected API?

I realise that Redis is often used for this, but since I'm using a db to persist the tokens, I was thinking of using that for rate limiting as well. It would store the maximum number of queries for each token, decrement that each time the token is used, and then reset the counter daily or hourly.

Any major problems with that approach?

Upvotes: 2

Views: 1720

Answers (1)

José F. Romaniello

Reputation: 14156

The most common algorithm used for this is Token Bucket.

You can put the logic in your app and use Redis or another db as a backend. Redis is particularly interesting for this because you can use things like TTL.

I have been working on another approach, moving all the logic to a daemon. I don't have clients in technologies other than node.js yet, but you can check the idea here.

Upvotes: 3
