What are the not-so-obvious reasons for rate-limiting an API?

[Cooper Marcus]

I can think of some obvious reasons for rate-limiting an API like:

* Prevent over-zealous API clients from taking down the API by sending too many requests too quickly

* Provide a feature by which different API users might be charged different prices for API usage (eg. if you want a higher rate limit, you can pay more $)

What about not-so-obvious reasons?

Thanks, Cooper

[Jack Repenning]

Perhaps this falls within your "over-zealous clients" category, but it seems worthwhile to me to worry a bit about well-intentioned, legitimate users' coding bugs. With an API, unlike with a web page, you're inviting people to write code to use your feature. Code often has bugs. Bugs can (among endless other possibilities) result in runaway loops calling your API. A confused user might make a bogus click now and then, but humans have neither the speed nor the patience to confusedly approach DOS levels of input; client code makes this sort of error easy.


--
Jack Repenning
Repenni...@gmail.com

[Jan Schütze]

I think one reason to have rate-limits on your api and communicate
them to your api consumers is to enforce a proper architecture for
your consumers.

Some developers don't think about the case, what happens if an API is
down OR think it's a good idea to get those 65535 subresources in that
while(true) loop. If there is a rate-limit (like e.g. on
twitter/github) you have to think twice if you really need to do that
request. In my experience we ended up with smarter solutions :).

> --
> You received this message because you are subscribed to the Google Groups "API Craft" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
> Visit this group at http://groups.google.com/group/api-craft.
> For more options, visit https://groups.google.com/d/optout.



--

http://dracoblue.net