IETF Logo Mail Archive

[httpapi] RateLimit Header client implementations

Darrel Miller <darrel@tavis.ca> Wed, 30 December 2020 03:16 UTC

Return-Path: <darrel@tavis.ca>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8304C3A0E66 for <httpapi@ietfa.amsl.com>; Tue, 29 Dec 2020 19:16:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tavisdev.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8j_3jLnbcSag for <httpapi@ietfa.amsl.com>; Tue, 29 Dec 2020 19:16:54 -0800 (PST)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2048.outbound.protection.outlook.com [40.107.92.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B52493A0E65 for <httpapi@ietf.org>; Tue, 29 Dec 2020 19:16:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jayzjC/rW9sQGJvnQ93uf4402FYN/PR03neXmd5O8LhuQeXroNaehLSlHpJvis+RGTjGBSVQZi2tCllmCNlKI6YDgqe5JV0Jos+mbIOM4J6aw2IZj91QCnu4FZJp0x9j/Meh91HwTh0VF8ckggOLtcoPkGIoPt54t3alVwOcA5QuLb+uOnHcJeW+3QY9IvQtJFdbnphMdpagH+NETYvj+VPet4TljEEgbbbAPb1VV+1iRMBW/6ONDxI2U8EGMbGDyGLFaaQyt2tupohhWPUYKzKBZaVR8mA9VxAfYNeTwiHk0PMaLH/XUcsJFUxb9nJY2oH1H/5AGEIEhjL5vQ1Q7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zIkzd6c21e1LCWag1ESPSdgAzpH89yoQ7s351XsZPHM=; b=dAnPnlhPmLpV14SDd6FKpY5tflYE5jEfHF3LJusyQb/ZY0U2Omkue4CjBQ2pKb5RUjTmeoFkrdcmDKlvLUz4hxQqMiHKkt/zEs2pcN27EbbyuBeM59RmiHQNrRyfLcZa7bHh0Wqg8li3XDcWmv1+Ja1C7oxA96Qm2iRM7cj3OZzz6BAV5ChGjhW0Yimfr07y/xYiSsBU4VzAdY1S7A4OSNqYuFtA4zquB7MD2C94NBI1NVCGS/euAmlPqabxmMEFpTqb0Twt66alU2UtJ9INssD5dZtJw0ItDlsVgJ79qYAiBBFsdfiTNrgPFzkYZ8SxuCu9TYR9XRYQtuuaxVukFA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=tavis.ca; dmarc=pass action=none header.from=tavis.ca; dkim=pass header.d=tavis.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tavisdev.onmicrosoft.com; s=selector2-tavisdev-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zIkzd6c21e1LCWag1ESPSdgAzpH89yoQ7s351XsZPHM=; b=YrSFUdzRNGWz/WUDIhS9Ri3t2M574eFDmPDOko44/nBDULYbhSYdokqr+OGPPe/gWBbD00OOsvRy5/T6HxQlSG+Eda2wPKLng+4DMRMCeeAVBxY7mbsV6Pa5NDNnCEsvdmv3caJ6hKvlAFnAlN6w9nTzSxHG9e3DiGBTUlknzZk=
Received: from DM6PR01MB4937.prod.exchangelabs.com (2603:10b6:5:56::26) by DM6PR01MB5882.prod.exchangelabs.com (2603:10b6:5:14e::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3700.27; Wed, 30 Dec 2020 03:16:51 +0000
Received: from DM6PR01MB4937.prod.exchangelabs.com ([fe80::f0ab:491d:c78a:e073]) by DM6PR01MB4937.prod.exchangelabs.com ([fe80::f0ab:491d:c78a:e073%5]) with mapi id 15.20.3700.031; Wed, 30 Dec 2020 03:16:51 +0000
From: Darrel Miller <darrel@tavis.ca>
To: " httpapi@ietf.org " <httpapi@ietf.org>, "robipolli@gmail.com" <robipolli@gmail.com>
Thread-Topic: RateLimit Header client implementations
Thread-Index: AQHW3lKxGhpPRJVD8kOy66GCWE4TNA==
Date: Wed, 30 Dec 2020 03:16:51 +0000
Message-ID: <DM6PR01MB49370264EE9621D603FEAA81A3D70@DM6PR01MB4937.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=tavis.ca;
x-originating-ip: [74.15.147.35]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9f0c60ef-04a2-45d7-d71c-08d8ac7159fe
x-ms-traffictypediagnostic: DM6PR01MB5882:
x-microsoft-antispam-prvs: <DM6PR01MB5882D9A29B15156BE7C6E17EA3D70@DM6PR01MB5882.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: EuePhrRkGyqhIA4p0l0sDvOeWpCUHnXPm0z/D7G6ZK+yZr+VhoYRXqTLCpBoNf1JR1LX8CH2djvp3Xc1V2LRVW1dh9f1Y8riFmNisBbeC+p0dlqbWDEHDM1MqYaUSpmD0umwnMn7L2qS06MImy9z9IFeTPWM98tgIm0RG2XslPnBAyEl8it+RTfTAPtET6+m0a/pQrLxxxHhPDgB1+Ec/6FOwKDmdIJwClSQQuZN3IM/lIA4+hGHYlWjbV4reVAu4SsySCkIZz8Nheiw3acU2742KYq3OEpzxhlgTejyRBJY7CiBlMUb24ogHlWD5NPk0NLz/vKEmxnr3988UwLRRjSt1Z1TefcP8nBk+86Iih+p3WLmy0l18IfBMt4ApoykGBHX9SENCbzzJnx9LxZS6g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR01MB4937.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(366004)(396003)(39830400003)(376002)(346002)(136003)(52536014)(26005)(91956017)(8936002)(6506007)(186003)(66476007)(478600001)(9686003)(55016002)(66946007)(86362001)(3480700007)(110136005)(66556008)(64756008)(83380400001)(71200400001)(2906002)(66446008)(8676002)(5660300002)(33656002)(7696005)(316002)(76116006); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: rpsybuqTVfutKP93e6GMLtzYo5+8tCnXxK0gEFYX+06WCt8GZBf1mNwUtP3ZaC8J9Xsa1Wekyum25l4pJXNRbTZuFJhtzLdbnppdQqNfNa37IP99y1c9QguMeND1RkOJwi7kTH0IZDMzInRih7mQSer8euTMhB/EQHZbdYEGRgv4ShduTPkPxKHzUUjyFN/dvtzCIG/puM+wGkrzuo2RWB2QHdoUrCPuF9Jly30hElWK7Ki9GQdkwUvIEpnxFMY9SWkASHbjV/su03RjkYJVnOZjPE/h2qdLMR4ePdURYppnMtfz57m96NG2yOalNpcSMAhx2Pi/HcoBeW6i73gky0NtFXCAmqqBkGrEHkyh72PO89Z8QhqqM5WoipVEFeQD2YWL/4QjAve94Zbeo5DStAFu2KbEhtvYU7z6uJjWOFeerAvW4A5WBdMcq7p+GNhAVWNhkfPGWIyqOBLaJA1FhNk/YoL06vkXijx4Xv0yPGAZ6Cec8H33RjPshTp4SnA8AUBw7TluF7C0vrzQhQoPTL2P3IJBmUourD3lj4BEz00mLq1Vzplim1PryGKhjAP2dzi/KIgkG6mvKwH5uDCdGf5vz7kJRWfj2zf77Ot/woVowYGyBEG0wFdTMF7L5ywonqu7FkLolY9zHSu8A2qHVZNnRFTmr2KZLPooTF9MHRxlQxEF8Y2ccA969FhfjZkwyRo563aHNGb9aAeWYf5TB9MC/7fl52ZyQwf5GOV3/lvTr8PjwdZswxUNy7QPYFZMRwKvG2DzB1EPBytCgxm1rJBeSx7N1LLrg9hv1xyqkU6P220Grj6Krna4R2gBfBLCh93dJpZ5f3KOIONhOO6WdTtiCVpwuCGg/dm5TyT/mXkFmCEfP8m3vDZ0NzpX2g9JjoOm9cnkMn2LLZRg624oTbk4STTIIBMoHM/f714P519ZbH4kBK0F8Od/UdaDw1K9ClqRcnPnoAX9pvhtI3PRv5G4yl0diM233YF6ybZh3sUFRKzlN+pe7iVy0Bqvrz++
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR01MB49370264EE9621D603FEAA81A3D70DM6PR01MB4937prod_"
MIME-Version: 1.0
X-OriginatorOrg: tavis.ca
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR01MB4937.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9f0c60ef-04a2-45d7-d71c-08d8ac7159fe
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Dec 2020 03:16:51.3131 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8cea02ec-9788-4bac-a19b-3e782a3e9bb0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TRuFodP9ebrshGLY9Cjv1bMK9PUt2WdSZzFjFikv1xMKSVYvGz9upjAjoH98tyhC
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB5882
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/JfZtyQ09NTc0yaim2WhveXVvb5Q>
Subject: [httpapi] RateLimit Header client implementations
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2020 03:16:56 -0000

Hey Roberto,

Do you have links to implementations of client applications that use some variant of the rate-limiting headers?
I know there are plenty of examples of server side implementations that will return these headers, but I am finding very few examples of clients taking advantage of these headers.

>From what I understand there are a few scenarios where clients can use these headers:


  1.  Optimizing polling frequency:  i.e. check quota and window and determine optimum calling interval
  2.  Prioritization between client tasks:  Don’t let low priority tasks starve high priority tasks of quota
  3.  Enable user agents to avoid hitting rate limit due to some kind of punitive behavior.

Are you aware of other scenarios?  Are there implementations of these scenarios?

While reviewing the goals for the draft I was wondering if they could be improved.


  *   The goals of this proposal are:
  *
  *   1. Standardizing the names and semantic of rate-limit headers;
  *   2. Improve resiliency of HTTP infrastructures simplifying the enforcement and the adoption of rate-limit headers;
  *   3. Simplify API documentation avoiding expliciting rate-limit fields semantic in documentation.

The second goal seems only indirectly related to what the draft actually enables.  A phrase in the introduction paragraph seems like a more accurate goal:


  *   communicate service quotas so that the client can throttle its requests and prevent 4xx or 5xx responses.

I also thing the third goal would be clearer stated as:

  *   Simplify API documentation by eliminating the need to define custom quota related header fields.

Darrel

v2.23.0 | Report a Bug | By Email