Shows REST API request rate limiting for both Generic REST and Custom REST in CUBA using https://github.com/vladimir-bukhtoyarov/bucket4j library.
If you consider using Generic REST API, do not forget to assign proper privileges to a user - rest-api-access role.
There is a small HelloService that returns Hello %name%! greeting, where name is a URL parameter. The service is exposed using both Generic REST API in web module
and Custom REST API in portal module.
For both modules, there are two rate limiting interceptors (effectively, copied and pasted). They return X-Rate-Limit-Remaining header that shows how many requests remain.
Just run the application, assign rest-api-access role to a user admin and try to test the API using curl, ArC, PostMan or a similar tool.
To test Custom RestAPI, issue the following request:
GET http://localhost:8080/app-portal/hello/Billy
content-type: text/plain
authorization: Basic YWRtaW46YWRtaW4=
To test the Generic API, get a token first:
POST http://localhost:8080/app/rest/v2/oauth/token
content-type: application/x-www-form-urlencoded
authorization: Basic Y2xpZW50OnNlY3JldA==
grant_type=password&username=admin&password=admin
You'll get a response that looks like this:
{
"access_token": "d478ca70-de52-471d-a6f0-d476333089d8",
"token_type": "bearer",
"refresh_token": "1ab7c16e-fb4c-4b64-a352-76977bc1a082",
"expires_in": 43199,
"scope": "rest-api"
}
Use the access_token value to get an access to the API:
GET http://localhost:8080/app/rest/v2/services/throttler_HelloService/sayHello?name=Bobby
authorization: Bearer d478ca70-de52-471d-a6f0-d476333089d8
That's it. Note the responce header x-rate-limit-remaining: 19 that shows how many requests are left. For the further details, refer to the Bucket4j library documentation.