Ashish

Reputation: 309

Rate limiting signup API

We are a small start-up and we are using SailsJS (which sits on top of NodeJS) on our backend. Ours is an API-driven architecture. I want to implement rate limiting for most of the APIs. I want to start with a small use case for Signup. Signup is a public API and currently anyone can access it to create accounts.

  1. My question is: how can I prevent a DoS attack by rate-limiting this public API?
  2. Let's say I rate-limit this API based on IP address. Then the problem would be if some users are in the same organization. They can have the same IP address. So, how do we make sure they are rate-limited properly?

I really appreciate your suggestions and opinions.

Upvotes: 5

Views: 1538

Answers (1)

jfriend00

Reputation: 707916

If signup does not have to be purely a programmatic API and can be required to go through a web page, then you can use either a captcha or some other "prove you're a human" mechanism for the signup operation specifically. This will prevent programmatic DoS on the signup API since each request requires human intervention.

Other API requests would need rate limiters though to prevent abuse of an account that was already created. Those subsequent API calls will presumably be referencing a specific account so you can handle the shared corporate IP address by rate limiting the account, not the IP address.

Upvotes: 5
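As an added example (not code from the question or the answer above), here is a sliding-window rate limiter written the way it would be mounted as a Sails policy: a pure `check(key)` decision function plus an Express/Sails-style `(req, res, next)` middleware. It follows the answer's advice of keying authenticated calls on the account rather than the IP, and goes one step further by chaining a strict per-account limit with a looser per-IP ceiling, so colleagues behind one corporate NAT each get their own budget while a pure flood from a single address is still capped. Assumed, and not stated on the page: the account id lives in `req.session.userId`, `res.set()`/`res.status()`/`res.json()` behave as in Express, and the policy name `rateLimit` in `config/policies.js` is illustrative.

```javascript
// Added example; not the original poster's or answerer's code.
// Assumptions (not from the page): account id in req.session.userId,
// Express-compatible res object, and a hypothetical policy name 'rateLimit'
// that would be listed in config/policies.js for the signup action.

// Builds a limiter. keyFn(req) decides what is being limited (account, IP, ...).
// `now` is injectable so the logic can be exercised without waiting on the clock.
function makeLimiter({ limit, windowMs, keyFn, now = () => Date.now() }) {
  const log = new Map(); // key -> chronologically ordered hit timestamps (ms) inside the window

  // Pure decision: records a hit for `key` at time `at` if the window still has room.
  function check(key, at = now()) {
    const hits = (log.get(key) || []).filter((t) => t > at - windowMs); // drop expired hits
    if (hits.length >= limit) {
      log.set(key, hits);
      // Earliest surviving hit tells the caller when a slot frees up.
      return { allowed: false, remaining: 0, retryAfterMs: hits[0] + windowMs - at };
    }
    hits.push(at);
    log.set(key, hits);
    return { allowed: true, remaining: limit - hits.length, retryAfterMs: 0 };
  }

  // Sails/Express-style middleware that enforces the decision with HTTP 429.
  function middleware(req, res, next) {
    const result = check(keyFn(req));
    res.set('X-RateLimit-Remaining', String(result.remaining));
    if (!result.allowed) {
      res.set('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
      return res.status(429).json({ error: 'Too many requests' });
    }
    return next();
  }

  return { check, middleware };
}

// Key on the account when the caller is authenticated (assumed: req.session.userId),
// so users sharing a corporate IP are limited independently; anonymous calls
// such as signup fall back to the client IP.
function accountOrIpKey(req) {
  if (req.session && req.session.userId) return 'acct:' + req.session.userId;
  return 'ip:' + req.ip;
}

// Key on the client IP only, for a coarse ceiling that still stops floods
// from a single address regardless of how many accounts they use.
function ipKey(req) {
  return 'ip:' + req.ip;
}

// Runs several middlewares in order; a request must pass all of them.
// (In Sails the same effect comes from listing several policies for one action.)
function chain(...middlewares) {
  return function (req, res, next) {
    let i = 0;
    const step = () => (i < middlewares.length ? middlewares[i++](req, res, step) : next());
    return step();
  };
}

module.exports = { makeLimiter, accountOrIpKey, ipKey, chain };
```

The hit log lives in process memory, so it resets on restart and is not shared between Sails instances behind a load balancer; for a multi-node deployment keep the per-key timestamps (or a counter per window) in a shared store such as Redis instead. The decision function is deliberately separated from the middleware so the window arithmetic can be unit-tested with a fake clock, as below.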
