如何限速的API [英] How To Rate-Limit An API

问题描述

什么是限制的API请求的最佳方式？基本上，我们希望360 API请求一个小时（每10秒的请求）来限制用户。想到什么是跟踪每个API请求和存储：

What is the best way to limit requests for an API? Basically, we want to limit users to 360 API requests an hour (a request every 10 seconds). What comes to mind is tracking every API request and storing:

  ip-address          hourly-requests
  1.2.3.4             77
  2.3.4.5             34
  3.4.5.6             124

如果该IP地址的请求超过360时，只返回一个标头：

If the ip-address requests is greater than 360, simply return a header with:

  429 - Too Many Requests

然后回滚柜台每小时时薪请求。这似乎是一个非常低效的方法，因为我们要在每一个API请求增加计数器MySQL查询。此外，我们还需要一个cron任务重置所有计数器每隔一小时。

Then rollback the counter hourly-requests every hour. This seems like an very inefficient method, since we have to make a MySQL query on every API request to increment the counter. Also, we would need a cron task to reset all counters every hour.

有没有更优雅/有效的解决方案？

Is there a more elegant/efficient solution?

推荐答案

您可以尝试使用Redis的，有速率限制几个模式

You can try to use Redis, there are few pattern for rate limiting

这篇关于如何限速的API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！