Can a server only return RateLimit-Limit and RateLimit-Remaining but not RateLimit-Reset?

ietf-wg-httpapi / ratelimit-headers

Repository for IETF WG draft ratelimit-headers

Other

45 stars 5 forks source link

Can a server only return RateLimit-Limit and RateLimit-Remaining but not RateLimit-Reset? #82

Closed guzi99 closed 2 years ago

guzi99 commented 2 years ago

It seems that it is not required to return all these 3 fields together. However, I was wondering if certain combinations would cause confusion.

For example, if a server return RateLimit-Limit, RateLimit-Remaining but not RateLimit-Reset, such as:

RateLimit-Limit: 10000, 10000;w=300 RateLimit-Remaining: 900

How would clients interpret the RateLimit-Remaining field without the RateLimit-Reset?

ioggstream commented 2 years ago

@guzi99 Already fixed in #80

RateLimit-Limit and RateLimit-Reset are REQUIRED;
RateLimit-Remaining is RECOMMENDED.

Can you please close if that fixes?

guzi99 commented 2 years ago

@ioggstream sorry for missing the previous conversation. My take is

RateLimit-Limit alone can be useful for clients. It tells the complete rate - quota in a time window. And clients can control its rate based on this field.
RateLimit-Reset helps align the time window between the client and the server, but I think it can be optional. As long as client spread the load evenly, it does not need to know the reset. For example, if a server return RateLimit-Limit: 10000, 10000;w=300, that is about 33.3 RPS or 2,000 requests per min(assuming the quota unit is a request), clients can adopt it and stay below the limit.
However, the problem is when RateLimit-Remaining appears without RateLimit-Reset, because it is technically not a rate number due to missing time window.

To summarize my opinion - RateLimit-Reset is required when RateLimit-Remaining is specified; otherwise, RateLimit-Reset is optional.

Thoughts?

ioggstream commented 2 years ago

@guzi99

RateLimit-Limit alone can be useful for clients. It tells the complete rate-quota ...

By design, RateLimit-Limit quota-policies are OPTIONAL and not actionable. The only actionable value of RateLimit-Limit is expiring-limit that is the first value.

RateLimit-Reset can be optional

Without RateLimit-Reset, you cannot identify the current time-window because quota-policy are not actionable. In the above case, the correct response is

RateLimit-Limit: 10000, 10000;w=300
RateLimit-Reset: 300

problem is when RateLimit-Remaining appears without RateLimit-Reset

This is the reason why RateLimit-Reset is REQUIRED

ioggstream commented 2 years ago

Thanks for closing @guzi99 !

Feel free to provide further feedback since it's useful to double check the specs!

ioggstream commented 2 years ago

@guzi99 wdyt on #79? Do you think it could better clarify that quota-policies are optional?

Thx++, R

guzi99 commented 2 years ago

I do agree that having both limit number and policies in the same field is a bit confusing. That is the reason I thought RateLimit-Limit could be actionable, but now I get that the policy is optional.

Just look at this example you provided: RateLimit-Limit: 10000, 10000;w=300 RateLimit-Reset: 300

It seems to have duplicated information. I do understand the benefit of the extensibility in the Limit field, but it could get too complex too soon for clients to consume.