Client Developer gets rate limit headers
Open, HighPublic
Actions

Description

"As a Client Developer, I want to have informational HTTP headers in my response that say what my rate limit is and how many requests I still have available, so that I can throttle my requests to avoid going over the limit."

Different services use different proprietary headers for rate-limit information. We can use those, define our own, or use the draft RFC for rate-limit headers from the IETF.

Note that this is for successful and error messages.

This is done when:

Our responses follow the RFC for rate limit headers
Every response has rate limit in the headers (somewhere) or we know why not
Every response has remaining calls in the headers (somewhere) or we know why not
Every response has reset time in the headers (somewhere) or we know why not

Related Objects
Search...

Status	Assigned	Task
Resolved	• eprodromou	T235270 Wikimedia API Gateway
Open	• eprodromou	T255034 Wikimedia API Gateway Long-term Use
Open	Pchelolo	T246278 Client Developer gets rate limit headers

Event Timeline

• eprodromou created this task.Feb 26 2020, 7:42 PM

• eprodromou updated the task description. (Show Details)

• eprodromou edited parent tasks, added: T255030: Wikimedia API Gateway MVP; removed: T246269: API Rate Limiting.Jun 10 2020, 3:22 PM

• eprodromou mentioned this in T246277: Client Developer gets informative error when going over rate limit.Jun 19 2020, 4:21 PM

It would be great to get some information on what these headers are going to be.

@Pchelolo and @hnowlan do we have an idea what the headers are that come out of the Envoy rate-limiting implementation?

• eprodromou reassigned this task from • eprodromou to Pchelolo.Jul 22 2020, 2:38 PM

• eprodromou updated the task description. (Show Details)Jul 22 2020, 3:05 PM

• eprodromou edited projects, added Platform Team Workboards (Green); removed Platform Team Workboards (User Stories).Jul 27 2020, 11:49 AM

• eprodromou moved this task from Backlog to Ready on the Platform Team Workboards (Green) board.

I thought envoy was supporting this out of the box, but apparently it does not :( We need to make an upstream contribution one more time.

Filed https://github.com/envoyproxy/envoy/issues/12356 and awaiting approval from envoy maintainers.

Pchelolo moved this task from Ready to Doing on the Platform Team Workboards (Green) board.Jul 29 2020, 4:10 PM

• eprodromou updated the task description. (Show Details)Jul 30 2020, 7:17 PM

• eprodromou updated the task description. (Show Details)

WDoranWMF added a project: Platform Team Sprints Board (Sprint 0).Jul 31 2020, 12:13 PM

PR in envoy to support this: https://github.com/envoyproxy/envoy/pull/12410

The first in the series of patches needed for this has been merged upstream.

Now we need to wait for either of the following before continuing the work:
a) new version of https://github.com/envoyproxy/go-control-plane to be released, so that upstream ratelimit service could be updated to support X-RateLimit-Reset header
b) new version of envoy to be cut and used in the gateway

• eprodromou edited parent tasks, added: T255032: Wikimedia API Gateway Public Launch; removed: T255030: Wikimedia API Gateway MVP.Aug 6 2020, 5:46 PM

Naike edited projects, added Platform Team Sprints Board (Sprint 1); removed Platform Team Sprints Board (Sprint 0).Aug 7 2020, 10:33 AM

Pchelolo mentioned this in T257930: Security Readiness Review For OAuthRateLimiter.Aug 7 2020, 4:10 PM

@Pchelolo: What's the release plan for Option A? When would a new version of Envoy be cut and used in the Gateway? I'd like to get a better sense of when we'll be able to remove this blocker. Are there any workarounds?

In T246278#6371678, @Naike wrote:

@Pchelolo: What's the release plan for Option A? When would a new version of Envoy be cut and used in the Gateway? I'd like to get a better sense of when we'll be able to remove this blocker.

According to this in the end of September.