
How to throttle clients in a REST API

I want to limit clients to an upper limit on the number of calls to my REST APIs. What should I return to inform clients that they've been throttled?

Amazon S3 is returning HTTP 503 with an error code SlowDown to inform clients.

What do you advise?

Since RFC 2616 documents status 503 as (my emphasis):

The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header.

it seems a reasonable approach, especially with a Retry-After header.

For this case it doesn't seem the server is overloaded yet; it's just a proactive measure to tell the client that you shouldn't send more than x requests in some time. HTTP 503 seems to me over-apologetic to the client, while there is no issue with the server yet and it is still whining about overload to the client. In my humble opinion it's a case of the client sending too many requests and the client is at fault, so HTTP 421 seems the most appropriate HTTP response code for the case.
