Add and test rate limiting field to Proxy backend collection #1190

Closed
5 of 6 tasks
bajiat opened this issue Jun 21, 2016 · 13 comments
bajiat commented Jun 21, 2016

(Description updated due to multiproxy development) The rate limiting setting is one of the key settings an API owner needs in order to control the traffic to the API. Make sure it works correctly in Apinf - to the extent that API Umbrella supports it. Add the field to the new Proxy Backends collection.

Potential user stories

As an API owner
I want to limit the usage of my API for a
particular API consumer

As an API owner
I want to be able to set and change a default rate limit
for my API for a certain period of time

Definition of done

  • Make sure the rate limiting options get stored in the Proxy Backends collection
  • Make sure the options are aligned with Api Umbrella
  • Make sure the selected option is passed correctly to the Admin REST API
    • Optional idea: start by testing passing the setting with a REST call only (e.g. Postman)
  • Make sure it gets stored (and changed when updated) properly in API Umbrella
  • Make sure there is a setting for rate limiting in Proxy tab in API profile

Wireframe

Scenario 1: API owner sets default request rate of API-Umbrella Proxy

apiratelimit

Scenario 2: API owner customizes request rate limits based on API key or specific IP address. There can be multiple customizations, and they may vary by duration (seconds/minutes/hours etc.). The owner can select one customized setting as primary.

apiratelimit2

apiratelimit3

apiratelimit4

Scenario 3: API owner sets unlimited API calls

apiratelimit5

@55 55 assigned 55 and unassigned 55 Jul 18, 2016

55 commented Jul 18, 2016

@jykae, will you take this task? We can work together on this.

@55 55 added planning and removed backlog labels Jul 18, 2016
@55 55 added this to the Sprint 27 milestone Jul 18, 2016

jykae commented Jul 22, 2016

@NNN yes, I assign myself.

@jykae jykae self-assigned this Jul 22, 2016

jykae commented Jul 22, 2016

Depends #622


jykae commented Jul 28, 2016

Rate limits in Umbrella: http://api-umbrella.readthedocs.io/en/latest/api-consumer/rate-limits.html

Default limit is 1,000 requests per hour


jykae commented Jul 28, 2016

Tested default rate limits with disabled API key:

```
curl -I https://nightly.umbrella.apinf.io/teosto/event

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 28 Jul 2016 07:51:18 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 998
Vary: Accept-Encoding
Set-Cookie: route=b7f7bc41a43f49b93f8afb165d076976; Path=/
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: Content-Type
Vary: Accept-Encoding
Set-Cookie: SRVGROUP=common; path=/
Age: 1
Via: http/1.1 api-umbrella (ApacheTrafficServer [cMsSf ])
X-Cache: MISS
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```


jykae commented Jul 28, 2016

When the rate limit hits zero, we get HTTP status 429 as stated in the documentation:

```
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 28 Jul 2016 08:14:53 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 0
Vary: Accept-Encoding
Set-Cookie: route=707b4ddd53b0ce4bedc742b525ae1ec8; Path=/
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: Content-Type
Vary: Accept-Encoding
Set-Cookie: SRVGROUP=common; path=/
Age: 0
Via: http/1.1 api-umbrella (ApacheTrafficServer [cMsSf ])
X-Cache: MISS
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

HTTP/1.1 429
Server: openresty
Date: Thu, 28 Jul 2016 08:14:53 GMT
Content-Type: application/json
Connection: keep-alive
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 0
Access-Control-Allow-Origin: *
X-Cache: MISS
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```


jykae commented Jul 28, 2016

When a new custom rate limit (10 requests per hour) is set, it resets the rate limiting counters.

```
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 28 Jul 2016 08:20:48 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 9
Vary: Accept-Encoding
Set-Cookie: route=2514054bf8f4fcf4bb0e41885ad39cb8; Path=/
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: Content-Type
Vary: Accept-Encoding
Set-Cookie: SRVGROUP=common; path=/
Age: 1
Via: http/1.1 api-umbrella (ApacheTrafficServer [cMsSf ])
X-Cache: MISS
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
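
One way to turn the header captures in the comments above into a repeatable enforcement check, added here as an example that is not part of the issue thread or of the Apinf or API Umbrella code. The function names and the trimmed captures are constructed; it assumes all responses come from one client within one rate-limit window and that a single limit is configured, so the headers describe the limit actually being enforced.

```javascript
// Constructed sample: status line and rate-limit headers from the captures
// in this thread, trimmed to the fields the checks read.
const CAPTURES = [
  'HTTP/1.1 200 OK\nX-RateLimit-Limit: 1000\nX-RateLimit-Remaining: 998',
  'HTTP/1.1 200 OK\nX-RateLimit-Limit: 1000\nX-RateLimit-Remaining: 0',
  'HTTP/1.1 429\nX-RateLimit-Limit: 1000\nX-RateLimit-Remaining: 0',
  'HTTP/1.1 200 OK\nX-RateLimit-Limit: 10\nX-RateLimit-Remaining: 9',
];

// Parse one `curl -I` style header block into { status, limit, remaining }.
function parseCapture(raw) {
  const [statusLine, ...headerLines] = raw.trim().split(/\r?\n/);
  const m = /^HTTP\/\d(?:\.\d)?\s+(\d{3})/.exec(statusLine);
  if (!m) throw new Error(`not an HTTP status line: ${statusLine}`);
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  // Missing or non-numeric header values become NaN so the caller can flag them.
  const num = (name) => (/^\d+$/.test(headers[name] || '') ? Number(headers[name]) : NaN);
  return { status: Number(m[1]), limit: num('x-ratelimit-limit'), remaining: num('x-ratelimit-remaining') };
}

// Walk consecutive responses for one client; collect enforcement violations
// and informational notes (a changed limit starts a new comparison baseline).
function checkSequence(raws) {
  const violations = [];
  const notes = [];
  let prev = null;
  raws.map(parseCapture).forEach((r, idx) => {
    const at = `response ${idx + 1}`;
    if (Number.isNaN(r.limit) || Number.isNaN(r.remaining)) {
      violations.push(`${at}: rate-limit headers missing or malformed`);
      return;
    }
    if (r.remaining > r.limit) violations.push(`${at}: remaining exceeds limit`);
    if (r.status === 429 && r.remaining !== 0) violations.push(`${at}: 429 with quota left`);
    const sameLimit = prev !== null && prev.limit === r.limit;
    if (sameLimit && prev.remaining === 0 && r.status !== 429) {
      violations.push(`${at}: served after quota was exhausted`);
    }
    if (prev !== null && !sameLimit) notes.push(`${at}: limit changed ${prev.limit} -> ${r.limit}`);
    prev = r;
  });
  return { violations, notes };
}
```

`checkSequence(CAPTURES)` reports no violations for the sequence posted in this thread and one note for the change from 1000 to 10 requests per hour.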


jykae commented Jul 28, 2016

Made upstream issue about inconsistency in Umbrella Admin API documentation, NREL/api-umbrella#274

Got working somehow, by guessing & trying.


Nazarah commented Sep 12, 2016

@Nazarah: reference API Umbrella UI


Nazarah commented Sep 22, 2016

Scenario 2 help text:
You can have multiple customized request limit settings for your API. Rate limit customization lets users know how many API calls they can make and how many are remaining. Customization can be based on API key or specific IP address and can be duration specific. For multiple customization options, you should select one as the primary setting. Only the primary rate limit setting will return its status via HTTP response headers. On using all available API request calls, the API key will be temporarily disabled for the duration set in that customization.


bajiat commented Sep 26, 2016

@jykae Could you take this task? It's a high priority one and we would like someone who is around in the office.
