What is rate limiting and why is it important?<\/h2>\n\n\n\n
Rate limiting is a technique used to control or limit the distribution or flow of traffic on an API in order to keep it from becoming overloaded and underperforming. API owners typically impose some control over their APIs by limiting the number of requests in a given time frame to ensure that clients use their resources fairly. This avoids an unnecessary spike in its traffic and improves web service scalability.<\/p>\n\n\n\n
When developing applications with many users, API rate limiting is essential. It limits bot attacks to APIs and prevents DoS attacks,<\/a> in which a user launches many requests in seconds. Rate limiting can be used to ensure that API resources are not depleted and that legitimate users have proper access to the API.<\/p>\n\n\n\n Rate limiting is measured in requests per second, or RPS, which means that we can, for example, configure our API to allow three requests per minute from a specific user. When the user exceeds the limit, the API returns a Rate limiting can be used by defining different parameters based on the objectives and level of restriction desired. There are three major types of rate limiting, which we will go over in more detail below.<\/p>\n\n\n\n This type of rate limiting detects the number of requests made by a specific user and limits the user based on the restrictions set by the API developer. Many organizations use it as the most common type of rate limiting. It typically monitors a user’s IP address or API key and blocks additional requests if the limit is exceeded within the time frame specified until the rate-limiting period resets.<\/p>\n\n\n\n This type of rate limiting limits the number of requests sent to the server from a specific region and location. This can be useful for reducing traffic spikes from a specific region, freeing up resources in the target regions.<\/p>\n\n\n\n If different servers handle different parts of an application, rate limiting can be configured at the server level. This method allows developers to increase the rate limit on frequently used servers while decreasing the traffic limit on less regularly used servers, giving them more flexibility.<\/p>\n\n\n\n Rate limiting can be implemented in various ways in an application. Below, we will go over some of the more general methods.<\/p>\n\n\n\n Request queues limit the number of requests sent to an API in a given time frame. It is one of the most commonly used rate-limiting techniques. Numerous request libraries are available for various programming languages that make it simple to set rate-limiting for our API while doing most of the hard work for us. Service services such as Amazon Simple Queue Service can handle request and message queues.<\/p>\n\n\n\n Throttling is the process of putting the API into a temporary state to evaluate each request. A user may be disconnected or have a slower bandwidth when the throttle is triggered. It is a flexible rate-limiting method that can be applied at the user, API, or application level.<\/p>\n\n\n\n There are several algorithms to use when implementing rate limiting in a system. We will be discussing some of them below:<\/p>\n\n\n\n Throttling is the same as permissions in the Django Rest Framework<\/a>, as it determines whether a particular request should be authorized or discarded. It is used to rate-limit the number of API requests a client can make. Throttling is flexible in DRF, and multiple throttles can be implemented to control requests made by authenticated and anonymous users or to restrict resources based on different parts of the APIs.<\/p>\n\n\n\n Now let\u2019s create an API and set some throttle policies.<\/p>\n\n\n\n To get started, we will set up a new CoderPad Django sandbox<\/a>. In the sandbox shell, install the We then add the new app and We will be having two In the app\u2019s With the project setup and routes pattern in place, let\u2019s create a new model to add products to the database in the In In the code block above, we created a new class named Now, let\u2019s migrate our fields to the database. In the command line, we\u2019ll write the following commands to migrate our table to the database.<\/p>\n\n\n In the next section, we will be creating a serializer for our model data.<\/p>\n\n\n\n Let\u2019s create a new file In the code block above, we created a new class for our model serializer. We then added a Meta class,<\/a> which lets us define the model we are creating a serializer for and specify the fields of the models we want to output. Serialization in the Django Rest Framework helps us convert model objects into more flexible data types like JSON, which are more understandable by JavaScript and frontend frameworks<\/a>.<\/p>\n\n\n\n Now let\u2019s head over to creating views and routes for our API.<\/p>\n\n\n\n In the previous sections, we created a model and serializer to format the output of our data properly. In this section, we will be creating a view for defining our API and a route.<\/p>\n\n\n\n In the 429<\/code> status code error, which means “Too Many Requests,” to notify the user that they have sent too many requests in the allotted time frame.<\/p>\n\n\n\n![\"\"\/](\"https:\/\/d2h1bfu6zrdxog.cloudfront.net\/wp-content\/uploads\/2023\/01\/img_63b6f40378cab.png\")
Types Of rate limiting <\/h2>\n\n\n\n
User rate limiting<\/h3>\n\n\n\n
Geographic-based rate limiting<\/h3>\n\n\n\n
Server rate limiting<\/h3>\n\n\n\n
Different methods of implementing rate limiting<\/h2>\n\n\n\n
Using request queues<\/h3>\n\n\n\n
Throttling<\/h3>\n\n\n\n
Rate limiting algorithms<\/h3>\n\n\n\n
\n
![\"\"\/](\"https:\/\/d2h1bfu6zrdxog.cloudfront.net\/wp-content\/uploads\/2023\/01\/img_63b6f4054cb0f.png\")
\n
\n
\n
Implementing throttling in Django<\/h2>\n\n\n\n
Project setup<\/strong><\/h3>\n\n\n\n
djangorestframework<\/code> library:<\/p>\n\n\n$ pip install djangorestframework<\/code><\/span><\/pre>\n\n\nrest_framework<\/code> to the list of installed apps in settings.py<\/code> and create a urls.py<\/code> file for the app.<\/p>\n\n\nINSTALLED_APPS = [\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.admin\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.auth\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.contenttypes\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.sessions\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.messages\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"django.contrib.staticfiles\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"productApp\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"rest_framework\"<\/span>,\n\n\u00a0\u00a0\u00a0\u00a0\"rest_framework.authtoken\"<\/span>,\u00a0\u00a0\u00a0\u00a0\u00a0\n\n]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\nurls.py<\/code> files, one will be included in the project\u2019s directory while the other in the productApp<\/code> folder. Let\u2019s create a new urls.py<\/code> in the app\u2019s directory and include it in the project\u2019s own.<\/p>\n\n\nfrom<\/span> django.contrib import<\/span> admin\n\nfrom<\/span> django.urls import<\/span> path, include\n\nurlpatterns = [\n\n\u00a0\u00a0\u00a0\u00a0path(\"admin\/\"<\/span>, admin.site.urls),\u00a0\n\n\u00a0\u00a0\u00a0\u00a0path(\"products\"<\/span>, include(\"productApp.urls\"<\/span>))\n\n\u00a0\u00a0\u00a0\u00a0]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\nurls.py<\/code> file, add the following code:<\/p>\n\n\nfrom<\/span> django.urls import<\/span> path\n\nurlpatterns = [\n\n]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\nCreating models<\/strong><\/h4>\n\n\n\n
models.py<\/code> file. <\/p>\n\n\n\nmodels.py<\/code>, add the following:<\/p>\n\n\nfrom<\/span> django.db import<\/span> models\n\nclass<\/span> Product<\/span>(models.Model)<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0name = models.CharField(max_length=250<\/span>)\n\n\u00a0\u00a0\u00a0\u00a0price = models.CharField(max_length=250<\/span>)\n\n\u00a0\u00a0\u00a0\u00a0color = models.CharField(max_length=250<\/span>)\n\n\u00a0\u00a0\u00a0\u00a0weight = models.CharField(max_length=250<\/span>)<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\nProduct<\/code> by inheriting Django\u2019s model class<\/a> which lets us define the fields and behaviors of the data we are storing. We then created the class attributes named name<\/code>, price<\/code>, color<\/code>, and weight<\/code> which map as database columns in our table.<\/p>\n\n\n\n$ python manage.py makemigrations\n\nMigrations for<\/span> 'productApp'<\/span>:\n\n\u00a0\u00a0productApp\/migrations\/0001<\/span>_initial.py\n\n\u00a0\u00a0\u00a0\u00a0- Create model Product\n\n$ python manage.py migrate\n\nOperations to perform:\n\n\u00a0\u00a0Apply all migrations: admin, auth, authtoken, contenttypes, polls, productApp, sessions\n\nRunning migrations:\n\n\u00a0\u00a0Applying authtoken.0001<\/span>_initial... OK\n\n\u00a0\u00a0Applying authtoken.0002<\/span>_auto_20160226_1747... OK\n\n\u00a0\u00a0Applying authtoken.0003<\/span>_tokenproxy... OK\n\n\u00a0\u00a0Applying productApp.0001<\/span>_initial... OK<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n\n\nCreating serializers<\/strong><\/h4>\n\n\n\n
serializers.py<\/code> in the productApp<\/code> directory and add the following code:<\/p>\n\n\nfrom<\/span> rest_framework import<\/span> serializers\n\nfrom<\/span> .models import<\/span> Product\n\nclass<\/span> ProductSerializer<\/span>(serializers.ModelSerializer)<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0class<\/span> Meta<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0model = Product\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0fields = [\"id\"<\/span>, \"name\"<\/span>, \"price\"<\/span>, \"color\"<\/span>, \"weight\"<\/span>]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\nCreating views and routes<\/strong><\/h4>\n\n\n\n
views.py<\/code> file in the app\u2019s directory, add the following code:<\/p>\n\n\nfrom<\/span> rest_framework.generics import<\/span> CreateAPIView, ListAPIView, DestroyAPIView\n\nfrom<\/span> .models import<\/span> Product\n\nfrom<\/span> .serializers import<\/span> ProductSerializer\n\nclass<\/span> CreateProduct<\/span>(CreateAPIView)<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0serializer_class = ProductSerializer\n\n\u00a0\u00a0\u00a0\u00a0queryset = Product.objects.all()\n\nclass<\/span> GetProducts<\/span>(ListAPIView)<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0serializer_class = ProductSerializer\n\n\u00a0\u00a0\u00a0\u00a0queryset = Product.objects.all()\n\nclass<\/span> DeleteProduct<\/span>(DestroyAPIView)<\/span>:<\/span>\n\n\u00a0\u00a0\u00a0\u00a0serializer_class = ProductSerializer\n\n\u00a0\u00a0\u00a0\u00a0queryset = Product.objects.all()<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n