API Rate Limiting

What is rate limiting? Rate limiting restricts the number of API calls a client can make in a given period of time. Implementing rate limiting on your API is considered a best practice because it has many benefits.

Why rate limit APIs? API owners want to ensure their API is functioning as efficiently as possible and that no single client overwhelms the API with an overload of requests. Influxes of requests impact performance and can affect other clients. Rate limiting prevents this and keeps the flow of requests under control. If an API uses many resources, rate limiting also keeps costs under control.

You can think of rate limiting like traffic lights controlling traffic flow: rate limiting controls the flow of traffic to your API. Without rate limiting, network traffic is unregulated and can overload a server, causing problems and poor performance.

When a server is rate limited, network traffic is managed efficiently, and latency is minimized. Service is maintained during activity spikes, and single clients sending influxes of requests are disconnected.

When a server is not rate limited, latency is higher, and services are at risk of DoS (Denial of Service) attacks and bot attacks, which will cause traffic overload and leave services inoperable.

Let's look at some common rate limiting methods. The first is throttling. In this method, the throttling algorithm will first assess if a request exceeds the enforced rate limit. If it does, the throttle is triggered, and the client will either have their bandwidth reduced or be disconnected entirely.

The next method is request queuing. Requests are handled at a fixed rate, e.g., two requests per second, and excess requests are queued. Many libraries can implement request queuing for you.

The final method is rate limiting algorithms. There are various algorithms that can implement rate limiting. All of them are slightly different but implement efficient and trusted rate limiting. Some common algorithms are leaky bucket, fixed window, and sliding log.
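
The following is an added example, not code from the original page: it implements two of the algorithms named above, fixed window and sliding log, and replays the same traffic through both at a limit of two requests per second. The class names, the `replay` helper and the sample traffic are assumptions made for illustration. It shows the practical difference between them: a fixed window lets a client that bursts across a window boundary exceed the intended rate, while a sliding log does not.

```python
from collections import defaultdict, deque

class FixedWindowLimiter:
    """Allow at most `limit` requests per client in each aligned window."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.counts = {}  # client -> (window index, accepted count)

    def allow(self, client, now):
        idx = int(now // self.window)
        seen_idx, count = self.counts.get(client, (idx, 0))
        if seen_idx != idx:  # a new window started: counter resets
            count = 0
        if count >= self.limit:
            return False
        self.counts[client] = (idx, count + 1)
        return True

class SlidingLogLimiter:
    """Allow at most `limit` requests per client in any trailing window."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.logs = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client, now):
        log = self.logs[client]
        while log and log[0] <= now - self.window:  # expire old entries
            log.popleft()
        if len(log) >= self.limit:
            return False
        log.append(now)
        return True

def replay(limiter, events):
    """Return the accept/reject decision for each (client, timestamp) event."""
    return [limiter.allow(client, ts) for client, ts in events]

# Constructed sample traffic (timestamps in seconds): client "a" bursts
# around the 1-second window boundary, client "b" sends a single request.
EVENTS = [("a", 0.8), ("a", 0.9), ("b", 0.95), ("a", 1.0), ("a", 1.1), ("a", 1.85)]

if __name__ == "__main__":
    # Fixed window accepts four requests from "a" within 0.3 s.
    print("fixed window:", replay(FixedWindowLimiter(2, 1.0), EVENTS))
    # Sliding log rejects the burst and admits "a" again once 0.8 expires.
    print("sliding log: ", replay(SlidingLogLimiter(2, 1.0), EVENTS))
```

Both limiters track each client separately, so client "b" is unaffected by the burst from client "a".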