# What is Throttling?

Throttling is a mechanism to limit the number of requests a client can make to an API within a certain time frame, helping to:

- Prevent abuse or denial-of-service attacks
- Protect server resources
- Ensure fair usage

**It differs from authentication and permissions — it doesn't block access permanently, just temporarily slows or limits it.**

# How Throttling Works in DRF

DRF includes built-in throttle classes that can be configured in your `settings.py` file:

```python
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/day',
        'user': '1000/day'
    }
}
```

# 1. AnonRateThrottle

**Purpose:**
Limits unauthenticated users (guests) based on their IP address.

**Configuration:**

```python
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '10/minute',
    }
}
```

**Example:** A guest can make only 10 requests per minute.

**Throttle key:** IP address.

# 2. UserRateThrottle

**Purpose:**
Limits authenticated users based on their user account.

**Configuration:**

```python
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'user': '1000/day',
    }
}
```

**Example:** Authenticated users can make up to 1000 API calls per day.

**Throttle key:** Username/User ID.

# 3. ScopedRateThrottle

**Purpose:**
Allows different throttle rates for different parts of your API using custom scopes.

**Configuration:**

```python
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.ScopedRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'low_request_scope': '10/day',
        'high_request_scope': '1000/day',
    }
}
```

**Usage in a View:**

```python
from rest_framework.response import Response
from rest_framework.throttling import ScopedRateThrottle
from rest_framework.views import APIView


class MyView(APIView):
    # Apply scoped throttling to this view only.
    throttle_classes = [ScopedRateThrottle]
    # Must match a key in DEFAULT_THROTTLE_RATES.
    throttle_scope = 'low_request_scope'

    def get(self, request):
        return Response({"message": "Throttled View"})
```

**Example:**
- View A → `10/day`
- View B → `1000/day`

Even if the same user accesses both views, they are throttled separately per scope.
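
To make the per-key and per-scope behaviour above concrete, here is an added example (not part of the original notebook and not DRF's own code): a stand-alone sliding-window limiter keyed by scope and client identity. The names `WindowThrottle`, `parse_rate` and `demo`, the `user:42` identity, the sample IP and the lowered demo rates are assumptions made for illustration.

```python
import time

# Only the first letter of the period matters here (assumed): 'minute' -> 'm'.
PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn '10/minute' into (10, 60)."""
    num, period = rate.split("/")
    return int(num), PERIODS[period[0]]


class WindowThrottle:
    """Sliding-window limiter keyed by (scope, ident); hypothetical class."""
    def __init__(self, rates, timer=time.time):
        self.rates = {scope: parse_rate(r) for scope, r in rates.items()}
        self.timer = timer
        self.history = {}  # (scope, ident) -> request timestamps, newest first

    def allow(self, scope, ident):
        limit, duration = self.rates[scope]
        now = self.timer()
        hits = self.history.setdefault((scope, ident), [])
        # Drop timestamps that have aged out of the window.
        while hits and hits[-1] <= now - duration:
            hits.pop()
        if len(hits) >= limit:
            return False  # a DRF view would answer 429 Too Many Requests
        hits.insert(0, now)
        return True

    def wait(self, scope, ident):
        """Seconds until the oldest recorded request leaves the window."""
        _, duration = self.rates[scope]
        hits = self.history.get((scope, ident), [])
        return max(0.0, duration - (self.timer() - hits[-1])) if hits else 0.0


def demo():
    clock = [0.0]  # constructed fake clock so the run is deterministic
    t = WindowThrottle({"anon": "3/minute", "low_request_scope": "2/day",
                        "high_request_scope": "1000/day"}, timer=lambda: clock[0])
    guest = "203.0.113.7"  # constructed IP (documentation range)
    anon = [t.allow("anon", guest) for _ in range(4)]
    clock[0] = 61.0  # window has passed, the guest is allowed again
    anon.append(t.allow("anon", guest))
    low = [t.allow("low_request_scope", "user:42") for _ in range(3)]
    high = t.allow("high_request_scope", "user:42")  # separate bucket
    return anon, low, high, t.wait("low_request_scope", "user:42")
```

Calling `demo()` shows the guest's fourth request rejected and then accepted once the minute has passed, while the same user exhausts `low_request_scope` without affecting `high_request_scope`.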