Addono
commented
4 years ago I would recommend that the application is not aware of this, leaving this logic to another proxy.
For example, if you're deploying the application onto Kubernetes, then you can set rate limiting at the Ingress level: https://medium.com/titansoft-engineering/rate-limiting-for-your-kubernetes-applications-with-nginx-ingress-2e32721f7f57
Like this, you do not introduce additional state in your backend logic (making it easier to horizontally scale) and prevent strict coupling between your application and the rate limiting implementation.
Currently, there's no validation and no rate limiting on the server.