Page MenuHomePhabricator

Administrator sets flat rate limit for API calls
Open, HighPublic

Description

"As an Administrator, I want to define a maximum number of API calls that can be made with a given API key during a particular period of time, so I can plan for and manage API traffic usage."

"As a Client Developer, I want to have an explicit pool of API calls I can make, so I can plan on more reliable API support."

These are two ways of looking at rate limits, from two personas.

Note that this only covers API calls that come through the API gateway, and not all API traffic (yet). A rate limit is defined as number of API calls per time period; these are not yet fixed, and will probably be adjusted over time, so should be variable. All API calls count the same. Just one hard limit (no soft limit). Limit is by key, not by developer account (developers can have multiple keys).

For estimation, 10000 API calls/hour is a likely first default API limit for the API gateway.

Event Timeline

eprodromou updated the task description. (Show Details)Thu, Jun 18, 3:26 PM
eprodromou reassigned this task from eprodromou to hnowlan.Fri, Jun 19, 4:16 PM
eprodromou added a subscriber: Pchelolo.

This is the high-level user story for having rate limits. I believe @Pchelolo is working on rate limiting. For an MVP, I'm more than happy having a fixed 10K/h rate limit.

eprodromou triaged this task as High priority.Fri, Jun 19, 4:18 PM