Re: [httpapi] RateLimit Header client implementations
Roberto Polli <roberto@teamdigitale.governo.it> Wed, 30 December 2020 15:28 UTC
Return-Path: <roberto@teamdigitale.governo.it>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 940803A03FC for <httpapi@ietfa.amsl.com>; Wed, 30 Dec 2020 07:28:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=teamdigitale.governo.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTHqKqSY_NOy for <httpapi@ietfa.amsl.com>; Wed, 30 Dec 2020 07:28:36 -0800 (PST)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77CDB3A03F3 for <httpapi@ietf.org>; Wed, 30 Dec 2020 07:28:35 -0800 (PST)
Received: by mail-ej1-x634.google.com with SMTP id b9so22375457ejy.0 for <httpapi@ietf.org>; Wed, 30 Dec 2020 07:28:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=teamdigitale.governo.it; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=IOu3PtfhSKDpO09yAN2LqYxxVZMB8/VM1pFyPxkACLo=; b=c+PbZtDnV7S26+hEcUv3G7nb4l741abSbMDaci2Y+zxxjb6HIfO9xd5JtiJf7W3QLq d8vUWAOjQQFXKDvKbYxVe9NZED+dIGQFkAFU9tr89cOg9FbetZa9m9CyhPzOj64mW6T4 IPuH7ZMzEUeSIjdiE28RQPEk93POCo7iLQDb0eYN5E6Zvi/9fM67Bo4iEUERl4PkSG5k qQRaalRYhj3O0Iyqbrmcy/A5H820xGKoNZUFfuxAMswlXT3PI872F9tQ9b1XoC/Kl3xx I8u59XalWWYH30DnS+Rsd+mwZwFAffKMj5ipwQP4PE9OZxErhcnGb4ag99waR7HFqHaO acjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=IOu3PtfhSKDpO09yAN2LqYxxVZMB8/VM1pFyPxkACLo=; b=mhmk2RVISUkQDNeEIFS3GlmLMMNOqI2BJ73QhwhjY2/C7P6+d1X7Un/20Bp3Edh68H GiGpZM4FY6vws8eCY1PyihXwzLgU7doUvL7+z/pd4nQ0QDHjz4afD3VO61VeRCPzEfKr tK3NH5rvj76uAz7tiQFgVt9luuyWOVYTj8frPZBuXCl7U7eICZZxls1spPIvbI1Gz/BX B2u0oWh0A5O7fIFFm+rd6vI+VoVcCc39L7egj69ZOAg5tp/uR8MrSq42cPi+tFapZuFz JyPi6La15L6rri1uBbIqSdhuI5SvKpaT+OK+wWYl8hdhqh7x8ADMSBBrNBSHBElwbjPK WSjw==
X-Gm-Message-State: AOAM533GLVephIvFmI6gni0vhuaB5qP9oACZlfsMqNqG1+uGyPG6FbIx qra0Ds7M6CmiznuxFITsH03+uRDv/i3Ye8R92Gt59g==
X-Google-Smtp-Source: ABdhPJydqtCYAcb9cYulGTPKa+9EU7ZFpF0BNifc2O+Q501VzaiSy1oBWAEBjhFF3d55TwPXHBRG6+AFbdiCi8kZfYQ=
X-Received: by 2002:a17:906:2b1a:: with SMTP id a26mr31127324ejg.23.1609342114346; Wed, 30 Dec 2020 07:28:34 -0800 (PST)
MIME-Version: 1.0
References: <DM6PR01MB49370264EE9621D603FEAA81A3D70@DM6PR01MB4937.prod.exchangelabs.com>
In-Reply-To: <DM6PR01MB49370264EE9621D603FEAA81A3D70@DM6PR01MB4937.prod.exchangelabs.com>
From: Roberto Polli <roberto@teamdigitale.governo.it>
Date: Wed, 30 Dec 2020 16:28:23 +0100
Message-ID: <CAMRHeuzaKgS_um5UUsKsPxTe75j+DFtDtVzdcJcg2_Ujk9g6-A@mail.gmail.com>
To: Darrel Miller <darrel@tavis.ca>
Cc: "httpapi@ietf.org" <httpapi@ietf.org>, "robipolli@gmail.com" <robipolli@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/cR8x_N8i7hNJ24as8Cr_Ea5Jcjg>
X-Mailman-Approved-At: Wed, 30 Dec 2020 07:54:48 -0800
Subject: Re: [httpapi] RateLimit Header client implementations
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2020 15:28:39 -0000
Hi Darrel, Thanks for your support and interest in the spec! replies inline and on gh-issues. Il giorno mer 30 dic 2020 alle ore 04:17 Darrel Miller <darrel@tavis.ca> ha scritto: > Do you have links to implementations of client applications that use some variant of the rate-limiting headers? Since there is not a standard way of providing those headers, client libraries are hard to find. I saw that some cloud providers bake their custom models in their client, eg: - https://cloud.google.com/solutions/rate-limiting-strategies-techniques - https://octokit.github.io/octokit.rb/Octokit/Client/RateLimit.html > I know there are plenty of examples of server side implementations that will return these headers, > but I am finding very few examples of clients taking advantage of these headers. In my experience, clients implement the desired behavior per-service or per-api-gateway. > [..] scenarios [..]: > 1) Optimizing polling frequency: i.e. check quota and window and determine optimum calling interval Yes, this is quite useful when you have a continuous flow of (queued) requests that can be tuned. > 2) Prioritization between client tasks: Don’t let low priority tasks starve high priority tasks of quota. Yes, see https://github.com/ioggstream/draft-polli-ratelimit-headers/issues/69#issuecomment-548323736 replace user with whatever quota key you want. ``` # pseudocode for user, request_data in queue: if user.has_quota(): # checks headers, ratelimit-reset, retry-after, whatever response, headers = make_request(conn, request_data, user) user.update_quota(headers) ``` > 3) Enable user agents to avoid hitting rate limit due to some kind of punitive behavior. This was probably the main goal for this spec: specifically when orchestrating some kind of "live" transactions (eg. payment, ... ) hitting a ratelimit can be problematic. In those cases the "consumer" service has a way to know whether to accept a request that may be blocked at some point. > Are you aware of other scenarios? Your scenarios seem to cover all the main ones; @Alex Martinez Ruiz is welcome to join the discussion. > Are there implementations of these scenarios? I saw only custom implementations. My experience is mainly related to scenario 3) availability respect to performance. A ratelimit landscape is here: - https://github.com/ietf-wg-httpapi/ratelimit-headers/issues/25 but we can file another issue for client implementations. ## Improving goals > While reviewing the goals for the draft I was wondering if they could be improved. > 1. Standardizing the names and semantic of rate-limit headers; > 2. Improve resiliency of HTTP infrastructures simplifying the enforcement and the adoption of rate-limit headers; > 3. Simplify API documentation avoiding expliciting rate-limit fields semantic in documentation. Let me see... > The second goal seems only indirectly related to what the draft actually enables. > A phrase in the introduction paragraph seems like a more accurate goal: > communicate service quotas so that the client can throttle its requests and prevent 4xx or 5xx responses. I stated the overall goal of the specification, but I'm open to a more technical perspective. > I also thing the third goal would be clearer stated as: > > Simplify API documentation by eliminating the need to define custom quota related header fields. While this is true, what I want to get rid of is the limit communicated via pdf or web pages, eg. https://developer.service.hmrc.gov.uk/api-documentation/docs/reference-guide Let me know if this makes sense to you. I filed a specific issue https://github.com/ietf-wg-httpapi/ratelimit-headers/issues/26 so we can track down easily this thread. Have a nice day, R. -- Roberto Polli API Expert M. +39 3406522736 MID DIPARTIMENTO PER LA TRASFORMAZIONE DIGITALE Presidenza del Consiglio dei Ministri - Ministro per l'innovazione tecnologica e la digitalizzazione https://innovazione.gov.it/ Il Dipartimento per la Trasformazione Digitale, salvo eccezioni, comunica con le altre Amministrazioni via posta elettronica ordinaria e non posta elettronica certificata, in conformità a quanto previsto dall’art.47 del Codice dell’Amministrazione Digitale.
- [httpapi] RateLimit Header client implementations Darrel Miller
- Re: [httpapi] RateLimit Header client implementat… Roberto Polli
- Re: [httpapi] RateLimit Header client implementat… Alex Martinez
- Re: [httpapi] RateLimit Header client implementat… Darrel Miller
- Re: [httpapi] RateLimit Header client implementat… Alex Martinez
- Re: [httpapi] RateLimit Header client implementat… Darrel Miller
- Re: [httpapi] RateLimit Header client implementat… Alex Martinez
- Re: [httpapi] RateLimit Header client implementat… Roberto Polli