Mowing Through API Request Limiting with Redis

To address the active pounding on the API, which was causing a noticeable performance impact to other queries I took a look at the popular Kong solution — just like any hip API coder would. I installed in a VM to try it out and it was pretty easy to get up and running. But then I started to look at the plugins for rate limiting, and while on the surface it didn’t seem too complicated, I started to think about the changes I’d have to make to my existing code and stack to integrate everything properly. If I had the time to map it all out carefully I’m sure it could be done. But what I really needed was to at least get the front yard mowed!

Simple enough. However, before I could start coding this up in the app, the backyard was calling. While mowing the backyard it gave me time to think about how I would keep track of individual user limits, rather than having one static limit for all users. Also, since the limits need to be enforced on a monthly bases, I needed to work out how the app would reset the limit counters at the end of each month. The solutions for these two requirements were straightforward. Just adding a limit column to the API user table, which is in a MySQL database, takes care of individual user limits. For the second requirement, a simple cron job that resets all request counters at the start of every month will do the trick. With the backyard freshly mowed, now I was ready to put all the pieces together!

With these two functions implemented, I have all the counting, checking, and enforcement I needed to implement API request limiting. The last and final piece was to establish a way to reset request counters on a monthly bases. For this task I needed to use two additional methods from the PHP Redis library, which were:

In the example script below, it calls keys() with the pattern of “*”, e.g. keys(‘*’). This will return all of the keys from the database. Next, it loops through all the keys setting their value to zero. I configured this script to run as a cron job at the start of every month, and with that my solution is complete.

Is this the most sophisticated API traffic control solution? No way! Was it relatively quick to build and works well? Yes way! More importantly, is my lawn looking great? For the time being, oh yes! Could I have implemented Redis locally on my web server? Yes but why bother. With the cloud service, I don’t have to worry about configuring and maintaining another service. Plus, it is fast enough for my needs. Also bonus, the Redis Labs console provides some awesome metrics.

However, the best end result is making out-of-control client scripts that are pounding on my API eat 429s:

This was a great little weekend project that solves a potentially big problem, e.g. web app and API outages. So with this complete, the lawn complete, I’m feeling a bit more relaxed.

Related posts:

Basic steps to create a Dart server and handle HTTP requests without a framework. You'll test out your server my making GET and POST requests.

Ok! All my female fans who find me irresistible (hey, mom)! I am effectively billed out and bound to go (old blues reference). Y’all can fuck me now! I’m good to go. Let me be serious for a…

I used to be a TV junkie. Five years ago, I would be shocked to know that nowadays, I’d rather watch someone clean their house and unbox their latest Zara haul than watch a scripted show. Every day…