What is Rate Limiting? All the Basic things you need to know
Rate limiting is a strategy for limiting network traffic. It can also reduce strain on web servers.
Introduction
A Rate Limiter is a defensive mechanism used in a distributed system to prevent the frequency of an operation from exceeding a defined limit and causing server errors.
In this article, we are going to see a basic thing we need to know as a developer. Let's jump.
What is Rate-Limiting?
Rate limiting is a defensive technique that limits the number of requests that can reach your API in order to protect it from unintended or malicious overuse. Without rate limiting, you risk resource starvation from load-based denial of service attacks, security failures, and increased operational costs.
Without rate limiting, any user can bombard your server with requests leading to spikes that starve other users. a line chart of increasing traffic triggering the rate limiter.
The high-Level view of Rate-Limiter
The Rate Limiter sits in between the application & your business logic. Organizations use rate limiting to ensure the fair usage of their API-based services and other web services and resources by clients. It regulates the number of times a user can request a particular API-based service in a given time frame. I hope now it's clear what is the need for Rate Limiter.
Major Types of Rate Limiting?
There are major types of Rate Limiting techniques. They are
User-Level Rate Limiting
Server-Level Rate Limiting
Geography-Based Rate Limiting
To explore the topic in-depth follow this article Type of Rate Limiting.
Why Use a Rate Limiter?
Preventing Resource Starvation
The most common reason for rate limiting is to avoid resource starvation and improve the availability of API-based services. Rate limiting can also help you prevent load-based denial of service (DoS) attacks. Other users aren’t starved, even when one user bombards the API with loads of requests.
Security
Rate limiting prevents users from brute forcing security-intensive functionalities like login, promo codes, etc. The number of requests for each of these features is limited on a user level ensuring that brute-force algorithms won’t work in these scenarios.
Preventing Operational Costs
In the case of auto-scaling resources on a pay-per-use model, rate limiting puts a virtual cap on the scalping of resources to help control operational costs. Without rate limiting, resources might scale out of proportion leading to exponential bills.
Access Control
Rate limiting not only deals with limiting the number of requests but it can be modified to limit the level of access also. For example, if there is an API-based service to view and modify the personal details of a user, the rate-limiting algorithm can implement different access levels. One set of users can only view the personal details, while the second set can both view and modify the details.
Summary
Rate limiting can be a great method to help fight against infrastructure attacks as well as block other types of suspicious activity. As mentioned, there are various methods you can use to implement rate limiting whether it be at the server level, user level, etc.
Hopefully, this will be useful to some of you :).
I'd love to hear what you're comments & more examples let me know in the comments below! Follow for more content like this & share it with your friends