Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
Discussion options

paula-em-lafon
Mar 1, 2021

Hi, I hope you are well

I checked your package and the documentation and I'm confused as to how to use this package for throttling. A nice little guide would be helpful.

Thank you and regards
You must be logged in to vote

Replies: 2 comments

Comment options

florimondmanca
Mar 1, 2021
Maintainer

Hello @paula-em-lafon 👋

First off, don't want to sound butt-hurt but I'd like as much as possible for this project to be a community-supported effort (I started this because a previous API Key package was abandoned due to the sole maintainer having left the field), so I hope you understand the effect that receiving an issue starting with "You should do XYZ" can have. :-)

Instead, let's consider this a community effort. Could you rephrase where this suggestion comes from? Were you confused by something in the docs that you thought would have explained things in deeper detail, but it didn't? What could we do to make it better?

I don't think I personally got my hands dirty playing with drf-api-key + throttling myself; at the time I just had this rough idea that once one has got an API key-based permission system in place, we could also use that info to throttle API calls based on the usage of those API keys (rather than say a user account).

So if we'd like a clearer explanation of how throttling could work in conjunction with this package, maybe a valuable next step would be to experiment with that, and then upgrade the docs with anything we find worth adding? That's something anyone interested in that could dive into a bit. Publishing a blog post or any other material we could link to from the docs works, too. :)
You must be logged in to vote
0 replies
Comment options

paula-em-lafon
Mar 2, 2021
Author

After reading some of the source code for the Django Rest Framework Throttling here I came to the conclusion that perhaps it could be implemented in a similar manner to the class UserRateThrottle. Some questions remain to be answered but this is a very interesting project that I think I might like to contribute to (esp. on the token authentication throttling side of things). Django rest framework's throttle system seems at the same time very powerful and kinda poorly documented.

I think that perhaps by overriding the SimpleRateThrottle's 'get_cache_key' method can be the way to do the throttling itself. Maybe with something like:

def get_cache_key(self, request, view):
    scope = 'apikey'
        if APIkey.is_valid(request.META['HTTP_AUTHORIZATION'].split()[1]):
        ident = request.META['HTTP_AUTHORIZATION'].split()[2]
        else:
            ident = self.get_ident(request)

        return self.cache_format % {
            'scope': self.scope,
            'ident': ident
        }
You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
🙏
Q&A
Labels
question Further information is requested
2 participants
@paula-em-lafon @florimondmanca
Converted from issue

This discussion was converted from issue #160 on June 04, 2022 16:39.

Morty Proxy This is a proxified and sanitized view of the page, visit original site.