Rate Limiting

As a service provider, I want to implement rate limiting on the API for listing properties to ensure fair usage and prevent abuse or overload of the service.
Acceptance Criteria
- [ ] The API enforces a limit of 100 requests per minute per API key.
- [ ] Every response, including a 429 response, carries the number of requests remaining in the current time window in its headers.
- [ ] Once a client exceeds the rate limit, all subsequent requests within the time window return HTTP 429 (Too Many Requests).
- [ ] The rate-limiting strategy uses a sliding window log or a token bucket algorithm to track the rate of requests; rejected requests are not counted against the window, so a client that keeps retrying after a 429 does not extend its own lockout.
- [ ] The 429 response body carries a clear error message stating that the rate limit was exceeded.
- [ ] Rate-limiting headers follow the naming convention X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset.
- [ ] The rate limit applies per individual API key, not per IP address, to allow for distributed applications; the key is taken from the authenticated credential, never from a client-supplied header, so it cannot be spoofed to reset the counter.
```mermaid
sequenceDiagram
    participant User
    participant API
    User->>API: Request properties listing
    alt rate limit not exceeded
        API->>User: Returns properties list + rate limit headers
    else rate limit exceeded
        API->>User: Returns HTTP 429 with rate limit headers
    end
```
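The following is an added example, not code from the project, showing one way to satisfy the criteria above with a sliding window log keyed by API key. The `handle_list_properties` handler, the `SAMPLE_PROPERTIES` data and the choice to express X-RateLimit-Reset as whole seconds until the oldest counted request leaves the window are assumptions made for the example (the story fixes the header names but not the unit of Reset); the Retry-After header is a standard addition (RFC 6585 / RFC 7231) that the story does not require.

```python
import math
import time
from collections import deque

# Values from the acceptance criteria: 100 requests per 60-second window.
LIMIT = 100
WINDOW_SECONDS = 60.0


class SlidingWindowLogLimiter:
    """Sliding-window-log rate limiter keyed by API key.

    Each key maps to a deque of request timestamps. A request is allowed when
    fewer than `limit` timestamps fall inside the trailing `window` seconds.
    Rejected requests are *not* logged, so a client that keeps hammering the
    API after a 429 does not push its own reset time further out.
    """

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._logs = {}  # api_key -> deque of request timestamps (floats)

    def check(self, api_key, now=None):
        """Account for one request and return (allowed, headers).

        X-RateLimit-Reset is expressed here as whole seconds until the oldest
        counted request ages out of the window (assumption for this example:
        the story does not fix the unit or epoch for this header).
        """
        now = self.clock() if now is None else now
        log = self._logs.setdefault(api_key, deque())
        # Evict timestamps that have left the trailing window.
        while log and now - log[0] >= self.window:
            log.popleft()
        allowed = len(log) < self.limit
        if allowed:
            log.append(now)
        remaining = self.limit - len(log)
        reset = math.ceil(self.window - (now - log[0])) if log else 0
        headers = {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Remaining": str(remaining),
            "X-RateLimit-Reset": str(reset),
        }
        return allowed, headers


# Constructed sample data standing in for the real property store.
SAMPLE_PROPERTIES = [
    {"id": 1, "address": "1 Example Street", "price": 250000},
    {"id": 2, "address": "2 Example Street", "price": 310000},
]


def handle_list_properties(limiter, api_key, now=None):
    """Hypothetical handler for GET /properties: returns (status, headers, body).

    The limiter is keyed by the *authenticated* API key, never by a
    client-controlled value such as a forwarded-IP header, so distributed
    clients sharing a key are counted together and spoofing buys nothing.
    """
    allowed, headers = limiter.check(api_key, now)
    if not allowed:
        # Retry-After is not required by the story; it is the standard hint
        # (RFC 6585 / RFC 7231) that well-behaved clients honour.
        headers["Retry-After"] = headers["X-RateLimit-Reset"]
        body = {
            "error": "rate_limit_exceeded",
            "message": (
                f"Rate limit of {headers['X-RateLimit-Limit']} requests per "
                f"minute exceeded; retry in {headers['X-RateLimit-Reset']} seconds."
            ),
        }
        return 429, headers, body
    return 200, headers, {"properties": SAMPLE_PROPERTIES}


if __name__ == "__main__":
    lim = SlidingWindowLogLimiter()
    for i in range(LIMIT + 1):
        status, hdrs, _ = handle_list_properties(lim, "key-A", now=i * 0.1)
    print(status, hdrs)  # the 101st call inside the window is the first 429
```

The per-key deque is the whole state, so an in-process dictionary is enough for a single instance; behind several API replicas the same log would live in a shared store such as Redis, otherwise each replica enforces its own 100 requests and the effective limit is multiplied by the replica count. A token bucket would replace the deque with a float token count plus a last-refill timestamp and needs constant memory per key, at the cost of allowing a short burst of up to the bucket size.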