Issue (Open), opened by dorrzun 3 weeks ago
Thank you, I appreciate your advice! I took it down about 12 hrs ago and am going to implement rate limiting.
Very glad to hear that! :) I would determine an upper limit on what you're willing to pay to run the system, pretending that each API user is always using 100% of their allocated amount.
AWS API Gateway ties in cleanly with this, passing authenticated and authorized requests directly to your lambda, rather than hosting an Express server.
Here to help if you have additional questions, as I have mutual interest in maintaining a system of this nature.
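As an added illustration of the budgeting advice above (not code from the thread or from the project being discussed): derive each API key's sustained request rate from a spending cap, assuming every registered key runs at 100% of its allocation all month, then enforce it with a per-key token bucket behind a hard cap on registrations. The dollar figures, cost per request and user cap are constructed placeholders; the class and function names are this example's own.

```python
"""Per-key token-bucket rate limiting with quotas derived from a spending cap.
Added example for the thread above; all constants are constructed assumptions,
not figures from the original project."""
import secrets
import time

SECONDS_PER_MONTH = 30 * 24 * 3600


def per_user_rate(budget_usd, cost_per_request_usd, max_users,
                  seconds=SECONDS_PER_MONTH):
    """Sustained requests/second each key may use so that max_users keys,
    all saturating their allocation for the whole month, cannot exceed
    budget_usd. Worst case is the design point, as the comment above suggests."""
    monthly_requests = budget_usd / cost_per_request_usd
    return monthly_requests / max_users / seconds


def worst_case_monthly_spend(rate, cost_per_request_usd, max_users,
                             seconds=SECONDS_PER_MONTH):
    """Bound on monthly spend if every key runs at `rate` continuously."""
    return rate * seconds * max_users * cost_per_request_usd


class TokenBucket:
    """Classic token bucket: `rate` tokens/second refill, `capacity` burst."""

    def __init__(self, rate, capacity, now):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    """Minimal stand-in for the authentication + throttling layer that an
    API gateway would provide in front of the function handling requests."""

    def __init__(self, budget_usd, cost_per_request_usd, max_users, burst=10):
        self.max_users = max_users
        self.burst = burst
        self.rate = per_user_rate(budget_usd, cost_per_request_usd, max_users)
        self._buckets = {}  # api_key -> TokenBucket

    def register(self, now, api_key=None):
        """Issue a key; refuse once the user cap is reached so that the
        spend bound computed from max_users keeps holding."""
        if len(self._buckets) >= self.max_users:
            raise RuntimeError("user cap reached; refusing new registrations")
        key = api_key or secrets.token_urlsafe(32)
        self._buckets[key] = TokenBucket(self.rate, self.burst, now)
        return key

    def handle(self, api_key, now=None):
        """Return an HTTP-style status: 401 unknown key, 429 over quota, 200 ok."""
        now = time.monotonic() if now is None else now
        bucket = self._buckets.get(api_key)
        if bucket is None:
            return 401
        if not bucket.allow(now):
            return 429
        return 200


if __name__ == "__main__":
    # Constructed figures: $50/month cap, $0.0002 per request, at most 100 keys.
    gw = Gateway(50.0, 0.0002, 100, burst=10)
    key = gw.register(time.monotonic())
    print(f"per-key rate: {gw.rate:.6f} req/s; "
          f"worst case: ${worst_case_monthly_spend(gw.rate, 0.0002, 100):.2f}/month")
    print([gw.handle(key) for _ in range(12)])  # ten 200s, then 429s
```

The `now` parameter exists so the limiter can be tested deterministically; in a real deployment the same numbers map directly onto a gateway usage plan (per-key rate, burst, and a registration cap), and the bucket state would live in a shared store rather than in process memory.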
It's imperative that you immediately CEASE operations and integrate some level of authentication and rate limiting for this API!
You are exposing yourself to direct financial liability for anyone making excessive requests to this system.
You'll need to carefully regulate who has access to this system and likely place an upper limit on total users, to prevent mass account registration.
All that aside, I appreciate the thoughtful and thorough documentation; I can tell you mean well with this project.
A few thoughts on the design:
Consider writing/generating an OpenAPI specification and let the documentation speak for itself regarding functionality. It's a very powerful language agnostic tool.
If you haven't already, aim to reference items by their "primary key" (Item ID) rather than their English name. It's not surefire, but it will presumably be long-lived and unchanging.