I am developing a Spring Boot REST API which handles a lot of incoming request calls. My controller is something like below:
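```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.scheduling.annotation.Async;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ApiController {
    List<ApiObject> apiDataList;

    @RequestMapping(value = "/data", produces = {MediaType.APPLICATION_JSON_VALUE}, method = RequestMethod.GET)
    public ResponseEntity<List<ApiObject>> getData() {
        List<ApiObject> apiDataList = getApiData();
        return new ResponseEntity<List<ApiObject>>(apiDataList, HttpStatus.OK);
    }

    @ResponseBody
    @Async
    public List<ApiObject> getApiData() {
        // List is an interface, so a concrete ArrayList is instantiated here
        List<ApiObject> apiDataList3 = new ArrayList<>();
        // do the processing
        return apiDataList3;
    }
}
```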
So now I wanted to set a rate limit for each user. Say every user can only make 5 requests per minute or something like that. How to set the rate limit for each user to make only 5 API calls per minute and if a user requests more than that I can send a 429 response back? Do we need their IP address?
Any help is appreciated.
Answer
You don’t have that component in Spring.
- You can build it as part of your solution. Create a filter and register it in your Spring context. The filter should check each incoming call and count the incoming requests per user during a time window. I would use the token bucket algorithm as it is the most flexible.
- You can build some component that is independent of your current solution. Create an API Gateway that does the job. You could extend Zuul gateway and, again, use the token bucket algorithm.
- You can use an already built-in component, like Mulesoft ESB that can act as API gateway and supports rate limiting and throttling. Never used it myself.
- And finally, you can use an API Manager that has rate limiting and throttling and much more. Check out MuleSoft, WSO2, 3Scale, Kong, etc… (most will have a cost, some are open source and have a community edition).
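
The first option above (a filter with a per-user token bucket), sketched as an added example that is not part of the original answer. It assumes Spring Boot 2.x (`javax.servlet`; Boot 3 uses `jakarta.servlet`), a single application instance, and that authentication has already run when the filter executes; the class name is hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class name; limits taken from the question (5 requests per minute per user).
@Component
public class TokenBucketRateLimitFilter extends OncePerRequestFilter {
    private static final double CAPACITY = 5.0;                 // burst size
    private static final double REFILL_PER_NANO = 5.0 / 60e9;   // 5 tokens per minute
    // One bucket per client key. Unbounded here; idle keys need eviction in a real deployment.
    private final ConcurrentHashMap<String, Bucket> buckets = new ConcurrentHashMap<>();

    private static final class Bucket {
        private double tokens = CAPACITY;
        private long lastRefill = System.nanoTime();
        // Refill for elapsed time, then take one token. Returns 0 if allowed, else seconds to wait.
        synchronized long tryConsume() {
            long now = System.nanoTime();
            tokens = Math.min(CAPACITY, tokens + (now - lastRefill) * REFILL_PER_NANO);
            lastRefill = now;
            if (tokens >= 1.0) {
                tokens -= 1.0;
                return 0;
            }
            return (long) Math.ceil((1.0 - tokens) / REFILL_PER_NANO / 1e9);
        }
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Prefer the authenticated identity; the socket address is a fallback only (NAT/proxy sharing).
        String key = request.getUserPrincipal() != null
                ? "user:" + request.getUserPrincipal().getName()
                : "ip:" + request.getRemoteAddr();
        long retryAfter = buckets.computeIfAbsent(key, k -> new Bucket()).tryConsume();
        if (retryAfter > 0) {
            response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());   // 429
            response.setHeader("Retry-After", Long.toString(retryAfter));
            return;
        }
        chain.doFilter(request, response);
    }
}
```

Behind a reverse proxy `getRemoteAddr()` returns the proxy's address, so unauthenticated callers would all share one bucket unless the client address is taken from a forwarding header set by a proxy you trust.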