The current rate limiting middleware for the API is naive and very basic, though it's really only designed to prevent errant scripts or bad code from crushing the server resources, not for handling general traffic spikes, request priorities and shedding load. While we do rate limit per user x per endpoint, we can only customize this per endpoint, not per user.
We should implement the token bucket algorithm described here by Stripe engineering: https://stripe.com/blog/rate-limiters
Also see code examples here: https://gist.github.com/ptarjan/e38f45f2dfe601419ca3af937fff574d
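
An added example of the token bucket proposed above, keyed per user x per endpoint with limits that can be overridden per user; it is not this project's middleware nor the code from the linked post or gist. The class and field names, the limit values and the in-memory storage are assumptions.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Limit:
    rate: float      # tokens refilled per second
    capacity: float  # maximum burst size


class TokenBucketLimiter:
    """Token buckets keyed by (user, endpoint); all names here are hypothetical."""

    def __init__(self, default, endpoint_limits=None, user_limits=None,
                 clock=time.monotonic):
        self.default = default
        self.endpoint_limits = endpoint_limits or {}  # endpoint -> Limit
        self.user_limits = user_limits or {}          # (user, endpoint | None) -> Limit
        self.clock = clock                            # injectable for testing
        self.buckets = {}                             # (user, endpoint) -> (tokens, last_seen)

    def limit_for(self, user, endpoint):
        # Most specific wins: user+endpoint, user-wide, endpoint, then default.
        for key in ((user, endpoint), (user, None)):
            if key in self.user_limits:
                return self.user_limits[key]
        return self.endpoint_limits.get(endpoint, self.default)

    def allow(self, user, endpoint, cost=1.0):
        """Return (allowed, retry_after_seconds) for one request."""
        limit = self.limit_for(user, endpoint)
        if cost > limit.capacity:
            raise ValueError("cost exceeds bucket capacity; request can never pass")
        now = self.clock()
        tokens, last = self.buckets.get((user, endpoint), (limit.capacity, now))
        # Lazy refill: credit tokens for the elapsed time, capped at capacity.
        tokens = min(limit.capacity, tokens + (now - last) * limit.rate)
        if tokens >= cost:
            self.buckets[(user, endpoint)] = (tokens - cost, now)
            return True, 0.0
        self.buckets[(user, endpoint)] = (tokens, now)
        return False, (cost - tokens) / limit.rate  # usable as a Retry-After hint
```

Bucket state here lives in a single process; with several API workers the read, refill and decrement have to happen atomically in a shared store.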