Beapi-io / spring-boot-starter-beapi

Springboot 'convention over config' starter for API Automation

TASK : Rate Limiting needs to be NETWORKGRP/role/user based #57

Open orubel opened 1 year ago

orubel commented 1 year ago

networkGrp has a rateLimit which concatenates with ROLE rateLimit and even USER rateLimit

In beapi_api.yml

    rateLimit: {'ROLE_USER':1000}
    dataLimit: {'ROLE_USER':1000000}

if ROLE rate limit does not exist, defaults to rateLimit for networkGrp. If networkGrp rate limit does not exist, no rateLimit is applied (UNLIMITED)

NOTE: would need to add two new fields to the user table to accommodate this.

The open APIs (ones that do not require sign-in or token) will not have these checks applied and will therefore be unlimited.

This promotes the ability to SELL additional access to api both for ROLE(company wide) and for user(individual)

orubel commented 1 month ago

So I am working on this and getting knee deep, and realizing that people are using rate limiting for far too much.

Rate limiting is a tool to avoid database/data scraping. Most 'public' APIs are an amalgam of data in a document store that is OK for public consumption, and there is no problem with scraping it because there is no immediate discernible threat to the company.

The real reason to use it is on the backend/SDK, where they are connecting to a possible data stream with a database and you want to avoid any possible scraping..

SOOoooo... we can require security and base this off TOKEN and associate with TOKEN.
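The two comments above describe, first, a lookup order for the effective limit (USER override, then the ROLE entry from `beapi_api.yml`, then the networkGrp default, else unlimited, with open endpoints never checked) and, second, the idea of keying enforcement on the TOKEN. The class below is an added example that puts both together; it is not code from beapi or from the issue author. The class name, the networkGrp default map, the one-hour window, the `userLimit` parameter standing in for the proposed new user-table field, and the sample config values are all assumptions for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Added example, not beapi's own code: resolves the effective rate limit with the
 * precedence the issue describes (USER, then ROLE, then networkGrp, else unlimited)
 * and enforces it with a fixed-window counter keyed by the caller's token.
 * Class, field and parameter names are assumptions for illustration.
 */
public final class RateLimitResolver {

    /** Sentinel for "no limit configured": the issue says no limit is then applied. */
    public static final int UNLIMITED = -1;

    /** Window length; the issue does not state one, so one hour is assumed here. */
    static final long WINDOW_MILLIS = 3_600_000L;

    // networkGrp -> default rateLimit (assumed shape of the networkGrp-level fallback)
    private final Map<String, Integer> networkGrpLimits;
    // networkGrp -> (role -> rateLimit), i.e. the `rateLimit: {'ROLE_USER':1000}` map
    private final Map<String, Map<String, Integer>> roleLimits;
    // token -> counter for the current window
    private final ConcurrentHashMap<String, Window> windows = new ConcurrentHashMap<>();

    private static final class Window {
        final long start;
        final AtomicInteger count = new AtomicInteger();
        Window(long start) { this.start = start; }
    }

    public RateLimitResolver(Map<String, Integer> networkGrpLimits,
                             Map<String, Map<String, Integer>> roleLimits) {
        this.networkGrpLimits = networkGrpLimits;
        this.roleLimits = roleLimits;
    }

    /**
     * userLimit stands in for the new per-user field the issue proposes (null if unset).
     * Lookup order: user override, then the role entry for this networkGrp,
     * then the networkGrp default, else UNLIMITED.
     */
    public int resolve(String networkGrp, String role, Integer userLimit) {
        if (userLimit != null) return userLimit;
        Integer roleLimit = roleLimits.getOrDefault(networkGrp, Map.of()).get(role);
        if (roleLimit != null) return roleLimit;
        Integer grpLimit = networkGrpLimits.get(networkGrp);
        return grpLimit != null ? grpLimit : UNLIMITED;
    }

    /**
     * Fixed-window check keyed by token, as the second comment suggests. A null token
     * means an open endpoint (no sign-in, no token), which the issue leaves unlimited.
     * compute() makes the window rollover atomic per token.
     */
    public boolean allow(String token, int limit, long nowMillis) {
        if (token == null || limit == UNLIMITED) return true;
        Window w = windows.compute(token, (k, old) ->
            (old == null || nowMillis - old.start >= WINDOW_MILLIS) ? new Window(nowMillis) : old);
        return w.count.incrementAndGet() <= limit;
    }

    public static void main(String[] args) {
        // Constructed config: mirrors the yml fragment plus an assumed networkGrp default of 500.
        Map<String, Map<String, Integer>> roles = new HashMap<>();
        roles.put("open", Map.of("ROLE_USER", 1000));
        RateLimitResolver r = new RateLimitResolver(Map.of("open", 500), roles);
        long now = System.currentTimeMillis();

        System.out.println(r.resolve("open", "ROLE_USER", null));   // role entry applies
        System.out.println(r.resolve("open", "ROLE_ADMIN", null));  // no role entry: networkGrp default
        System.out.println(r.resolve("other", "ROLE_USER", null));  // nothing configured: UNLIMITED
        System.out.println(r.resolve("open", "ROLE_USER", 2));      // user override wins over role

        // Per-token enforcement with a user override of 2 calls per window.
        int limit = r.resolve("open", "ROLE_USER", 2);
        System.out.println(r.allow("tok-abc", limit, now));
        System.out.println(r.allow("tok-abc", limit, now));
        System.out.println(r.allow("tok-abc", limit, now));                  // third call in window
        System.out.println(r.allow(null, limit, now));                       // open endpoint, no token
        System.out.println(r.allow("tok-abc", limit, now + WINDOW_MILLIS)); // next window, counter reset
    }
}
```

The resolver is deliberately separate from the counter: the first decides what a caller is entitled to (the thing the issue proposes selling per ROLE or per user), the second only answers whether this token has used it up. The `dataLimit` field in the yml would follow the same lookup order with bytes instead of calls; it is left out here because the issue does not say how it is measured.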