TASK : Rate Limiting needs to be NETWORKGRP/role/user based #57
So I am working on this and getting knee deep and realizing that people are using rate limiting for far too much. Rate limiting is a tool to avoid database/data scraping. Most 'public' APIs are an amalgam of data in a document store that is OK for public consumption, and there is no problem with scraping it because there is no immediate discernable threat to the company. The real reason to use it is on the backend/SDK where they are connecting to a possible data stream with a database and you want to avoid any possible scraping. SOOoooo... we can require security and base this off TOKEN and associate with TOKEN.
networkGrp has a rateLimit which concatenates with ROLE rateLimit and even USER rateLimit
In beapi_api.yml
If ROLE rate limit does not exist, defaults to rateLimit for networkGrp. If networkGrp rate limit does not exist, no rateLimit is applied (UNLIMITED).
NOTE: would need to add two new fields to user table to accommodate this.
The open APIs (ones that do not require sign-in or token) will not have these checks applied and therefore will be unlimited.
This promotes the ability to SELL additional access to api both for ROLE(company wide) and for user(individual)
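A sketch of the fallback order described above, added here as an example and not taken from the project's code. The limit tables, the `Principal` fields, and the rule that a USER limit takes precedence over a ROLE limit are assumptions, as is the fixed-window counter keyed by token.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample limits (requests per window); the key names are
# hypothetical and are not the real beapi_api.yml schema.
NETWORK_GRP_LIMITS = {"public": None, "private": 100}
ROLE_LIMITS = {"ROLE_ADMIN": 1000}

@dataclass(frozen=True)
class Principal:
    token: str
    network_grp: str
    role: str
    user_limit: Optional[int] = None  # hypothetical per-user column

def effective_limit(p: Principal) -> Optional[int]:
    """USER limit, else ROLE limit, else networkGrp limit; None = unlimited."""
    if p.user_limit is not None:  # assumption: most specific limit wins
        return p.user_limit
    role_limit = ROLE_LIMITS.get(p.role)
    if role_limit is not None:
        return role_limit
    return NETWORK_GRP_LIMITS.get(p.network_grp)

class TokenRateLimiter:
    """Fixed-window counter keyed by token, not by client IP."""
    def __init__(self, window_seconds: float = 60, clock=time.monotonic):
        self.window = window_seconds
        self.clock = clock
        self._windows = {}  # token -> (window_start, request_count)

    def allow(self, principal: Optional[Principal]) -> bool:
        if principal is None:  # open API: no token, so no check is applied
            return True
        limit = effective_limit(principal)
        if limit is None:  # no limit configured at any level: unlimited
            return True
        now = self.clock()
        start, count = self._windows.get(principal.token, (now, 0))
        if now - start >= self.window:  # window expired, start a new one
            start, count = now, 0
        if count >= limit:
            return False
        self._windows[principal.token] = (start, count + 1)
        return True
```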