Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe – for instance, trying to log in to an account. Rate limiting can help stop certain kinds of malicious bot activity. It can also reduce strain on web servers.
Currently, it is possible to send any number of requests per second, which can easily clog our server's resources and... break everything. We want to prevent users from spamming the API and consuming too many resources. On the client, part of this will be solved by caching responses and limiting interactions, but since we have a public API we still need to ensure that people don't accidentally or purposely overload it.
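A sketch of the cap described above, as an added example that is not code from this project: a fixed-window counter per client, kept in ETS. The module name, table name, limit, window length and the choice of client key (an IP address here) are all assumptions.

```elixir
defmodule RateLimitSketch do
  # Hypothetical module: fixed-window request counter keyed by client id.
  @table :rate_limit_sketch
  @limit 5          # assumed cap: requests allowed per window
  @window_ms 1_000  # assumed window length

  # In an application the table would be owned by a supervised process.
  def init do
    :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    :ok
  end

  # Returns {:allow, remaining} or {:deny, retry_after_ms}.
  def check(client_id, now_ms \\ System.monotonic_time(:millisecond)) do
    # floor_div keeps windows aligned even when monotonic time is negative.
    window = Integer.floor_div(now_ms, @window_ms)
    key = {client_id, window}
    # Atomic increment; inserts {key, 0} first when the key is new, so
    # concurrent requests from one client cannot slip past the cap.
    count = :ets.update_counter(@table, key, {2, 1}, {key, 0})

    if count <= @limit do
      {:allow, @limit - count}
    else
      {:deny, (window + 1) * @window_ms - now_ms}
    end
  end

  # Delete counters from finished windows so a flood of distinct client ids
  # cannot grow the table without bound. Returns the number of rows removed.
  def sweep(now_ms \\ System.monotonic_time(:millisecond)) do
    current = Integer.floor_div(now_ms, @window_ms)
    :ets.select_delete(@table, [{{{:_, :"$1"}, :_}, [{:<, :"$1", current}], [true]}])
  end
end

RateLimitSketch.init()
# Constructed input: 7 requests from one client inside the same window,
# then one request from a second client, then the first client again
# after the window has rolled over.
burst = for _ <- 1..7, do: RateLimitSketch.check("203.0.113.7", 10_000)
IO.inspect(burst, label: "same client, same window")
IO.inspect(RateLimitSketch.check("198.51.100.9", 10_000), label: "other client")
IO.inspect(RateLimitSketch.check("203.0.113.7", 11_000), label: "next window")
IO.inspect(RateLimitSketch.sweep(11_000), label: "expired rows removed")
```

A fixed window lets a client send up to twice the limit across a window boundary, and a request counter does not bound the cost of a single GraphQL query, which is what the complexity-analysis links below address.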
Additional information:
https://en.wikipedia.org/wiki/Rate_limiting
https://en.wikipedia.org/wiki/Denial-of-service_attack
Leads:
https://hexdocs.pm/absinthe/complexity-analysis.html#token-limits
https://xuorig.medium.com/a-guide-to-graphql-rate-limiting-security-e62a86ef8114
https://elixirforum.com/t/rate-limiting-complexity-with-absinthe/42254
https://dev.to/mnishiguchi/rate-limiter-for-phoenix-app-3j2n
https://github.com/grempe/ex_rated
https://hexdocs.pm/rajska/Rajska.RateLimiter.html
https://docs.github.com/en/graphql/overview/resource-limitations