Limiting Number of API calls a user can make


#1

Hi Everyone,

How do you limit the number of API calls a user can make? Can I do this by setting a role? I would like to prevent users from scraping the data.

I searched the forum for answers, but the answers I found were in regard to giving access to Post, Get, etc. of each field or something like this: Limit API responses based on user or role, basically limiting API responses, not the # of calls per a certain period of time (hour, day, etc.).

Thanks!


#2

There’s not an “out of the box” way to do this yet. Our enterprise management console coming out Q2 will provide API throttling at both the DSP and user level.

In the meantime, you could accomplish this with server-side scripts…but it would take some work.


#3

You could probably just set a record in the local DB for each user and auto-increment it for every successful API call. Maybe a script on system.user.event.post_process would trigger that record to be updated. Then you would probably want to run another script on pre_process for the call you want to rate limit and see if the number of calls exceeds your limit. If you want to make it daily, you could run a cron job to set that number to 0 nightly, or based on whatever frequency you want to throttle with. If it does fail, you would want to give the user an error that lets them give you more money for a higher rate limit.

This is how Twitter does it.
https://dev.twitter.com/rest/public/rate-limiting

I’m not sure if this is the best approach, but it seems like it would work!
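
The counter scheme from post #3, as an added example that is not part of the original thread and does not use the platform's scripting API: an in-memory Map stands in for the local DB record, and `makeLimiter`, `preProcess`, `postProcess` and `reset` are hypothetical names. It goes one step beyond the post by counting in-flight calls at check time, so a parallel burst cannot pass the check before any increment is written.

```javascript
// Added example. makeLimiter and its method names are hypothetical; the Map
// stands in for the per-user record in the local DB.
function makeLimiter(limit) {
  const counters = new Map(); // userId -> { completed, inFlight }
  const rec = (userId) => {
    if (!counters.has(userId)) counters.set(userId, { completed: 0, inFlight: 0 });
    return counters.get(userId);
  };
  return {
    // pre_process stand-in: decide before the call runs. In-flight calls are
    // counted too, otherwise parallel requests all pass the check before any
    // post_process increment lands. In a real DB this must be one atomic update.
    preProcess(userId) {
      const r = rec(userId);
      if (r.completed + r.inFlight >= limit) return 429; // Too Many Requests
      r.inFlight += 1;
      return 200;
    },
    // post_process stand-in: only successful calls consume quota.
    postProcess(userId, succeeded) {
      const r = rec(userId);
      r.inFlight = Math.max(0, r.inFlight - 1);
      if (succeeded) r.completed += 1;
    },
    // cron stand-in: zero the completed counts at the chosen frequency.
    reset() {
      for (const r of counters.values()) r.completed = 0;
    },
  };
}

// Constructed scenario with a limit of 3; returns the status code of each check.
function demo() {
  const rl = makeLimiter(3);
  const out = [1, 2, 3, 4].map(() => rl.preProcess("alice")); // parallel burst
  rl.postProcess("alice", true);
  rl.postProcess("alice", true);
  rl.postProcess("alice", false);     // failed call frees its slot
  out.push(rl.preProcess("alice"));   // allowed: only 2 calls succeeded
  rl.postProcess("alice", true);
  out.push(rl.preProcess("alice"));   // rejected: 3 successful calls
  out.push(rl.preProcess("bob"));     // allowed: counters are per user
  rl.reset();
  out.push(rl.preProcess("alice"));   // allowed again after the reset
  return out;
}

console.log(demo().join(" "));
```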