apidays LIVE Hong Kong - The Open API Economy: Finance-as-a-Service & API Ecosystems
Art and Science of Rate Limits for APIs
Shahnawaz Backer, Principal Security Advisor at F5 Labs
8. Unauthenticated
Authenticated
Client | Parameters | Use Case
Unauthenticated | IP Address | Location based rate limits
Authenticated | API Keys, JSON Web Tokens | Enforce tiers
Identification – Other Headers | Custom use cases
Server Side
Concurrency
Client Side
Self Imposed Throttling
9. Drop / Throttle / Burst
Drop: Instant drop with HTTP status code 429
Throttle: Honor the traffic but SLA might not be met
Burst: Enough resources to sustain
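An added example, not from the talk: a token-bucket limiter that keys callers the way slide 8 lists them (API key with a tier when authenticated, IP address otherwise) and answers over-limit requests with either of slide 9's responses, drop (429) or throttle (serve late), while the bucket capacity gives the burst allowance. The tier names, rates, sample keys and the RateLimiter class are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

# Assumed tiers (constructed): sustained requests/second and burst capacity.
TIERS = {"anonymous": (1.0, 2), "free": (5.0, 10), "gold": (50.0, 100)}
API_KEYS = {"key-free-123": "free", "key-gold-456": "gold"}  # constructed sample keys

@dataclass
class Bucket:
    rate: float      # tokens added per second (sustained limit)
    capacity: float  # maximum tokens (burst allowance)
    tokens: float
    updated: float

class RateLimiter:
    def __init__(self, policy="drop", clock=time.monotonic):
        self.policy, self.clock, self.buckets = policy, clock, {}

    def identify(self, remote_ip, api_key=None):
        """Authenticated callers are keyed by API key and get their tier;
        unknown or missing keys fall back to the client IP address, so a
        caller cannot obtain fresh buckets by sending made-up keys."""
        tier = API_KEYS.get(api_key)
        return (f"key:{api_key}", tier) if tier else (f"ip:{remote_ip}", "anonymous")

    def check(self, remote_ip, api_key=None):
        """Return (http_status, delay_seconds) for one request."""
        ident, tier = self.identify(remote_ip, api_key)
        rate, capacity = TIERS[tier]
        now = self.clock()
        b = self.buckets.setdefault(ident, Bucket(rate, capacity, capacity, now))
        # Refill for elapsed time, never above the burst capacity.
        b.tokens = min(b.capacity, b.tokens + (now - b.updated) * b.rate)
        b.updated = now
        if b.tokens >= 1:
            b.tokens -= 1
            return 200, 0.0                   # within sustained rate or burst
        if self.policy == "drop":
            return 429, 0.0                   # instant drop
        # Throttle: honor the request, but only after the next token accrues.
        delay = (1 - b.tokens) / b.rate
        b.tokens -= 1                         # borrow the token (goes negative)
        return 200, delay
```

In throttle mode the borrowed tokens make each queued request wait longer than the last, which is the "SLA might not be met" cost; a production limiter would also cap that delay and fall back to 429.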