468,509 Members | 1,276 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,509 developers. It's quick & easy.

[.Net Framework 4] How to Implement API Rate Limiting/Throttling .5]

2
For our REST API, which is hosted as an Azure app service, we need to integrate API throttling. Azure Front Door serves as a load balancer for app services across various regions. The rate restriction should be done based on the client's IP address or the value of a header key that is unique to that client. There is no ip address or client list that has been pre-defined.

As an example, When a client sends an API request with the header "idKey = foo," only 100 requests should be served from that client for the following 1 minute. Each client should be served until the limit is met.



How should this be implemented/designed in the project? The concept for the project is based on. 4.5.1 Microsoft.NET Framework
4 Weeks Ago #1
1 3309
dev7060
430 Expert 256MB
For our REST API, which is hosted as an Azure app service, we need to integrate API throttling. Azure Front Door serves as a load balancer for app services across various regions. The rate restriction should be done based on the client's IP address or the value of a header key that is unique to that client. There is no ip address or client list that has been pre-defined.

As an example, When a client sends an API request with the header "idKey = foo," only 100 requests should be served from that client for the following 1 minute. Each client should be served until the limit is met.



How should this be implemented/designed in the project? The concept for the project is based on. 4.5.1 Microsoft.NET Framework
I have never worked with .NET but this is how I'd approach it in a generic way. Although i can't say if it'd prove useful in this scenario. I'd create a session and set up variables for the number of requests and time. For each request made by the client, the cookie header can be read to retrieve the session id and respective values (requests/time) can be checked/updated on the server side before allowing access to the API. A database entry can be used to check if the 'idKey' is currently being engaged (with an IP) to avoid further connection requests.
4 Weeks Ago #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

reply views Thread by Rex Winn | last post: by
reply views Thread by Ali Onder via .NET 247 | last post: by
9 posts views Thread by c676228 | last post: by
3 posts views Thread by Peter Silva | last post: by
5 posts views Thread by petru.marginean | last post: by
139 posts views Thread by ravi | last post: by
4 posts views Thread by Dimitrios Apostolou | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.