TASK : Rate Limiting needs to be NETWORKGRP/role/user based #57
Assignees
Labels
enhancement
New feature or request
Comments
orubel
changed the title
orubel
changed the title
|
so am working on this and getting knee deep and realizing that people are using rate limiting for far too much. Rate limiting is a tool to avoid database/data scraping. Most 'public' API's are an amalgam of data that in a document store that is OK for public consumption and there is no problem with scraping it because there is no immediate discernable threat to the company. The real reason to use it is on the backend/SDK where they are connecting to possible data stream with a database and you want to avoid any possible scraping.. SOOoooo... we canrequire security and base this off TOKEN and associate with TOKEN. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
networkGrp has a rateLimit which concatenates with ROLE rateLimit and even USER rateLimit
In beapi_api.yml
if ROLE rate limit does not exist, defaults to rateLimit for networkGrp. If networkGrp rate limit does not exist, no rateLimit is applied (UNLIMITED)
NOTE: would need to add two new fields to user table to accomodate for this.
the open apis (ones that do not require sign-in or token) will not have these checks applied and therefore will be unlimited.
This promotes the ability to SELL additional access to api both for ROLE(company wide) and for user(individual)
The text was updated successfully, but these errors were encountered: