Friday, 15 February 2013

python - Best practices in sanitizing public facing API? -

As part of our service we are building a publicly available API that allows users to perform simple tasks (mainly for automation purposes) on our platform (like commenting, closing finished tasks, creating new ones).

The API is HTTPS based and requires authorization in the form of calling /login with a login and password to receive a token (that can be invalidated in the profile). We utilize Pyramid, PostgreSQL and nginx, if it matters.

This is our first project of this kind, and I am wondering how we should secure the thing from eating all of our transfer or processing power (some of the API functions are quite heavy). I want to think of it in the context of an illustration: someone makes a little error in a script (that uses our API) and posts a comment every second under the same task (or lists the comments of a task). For 2 days.

If we force reads through a cache (valid, for example, for the next 10 seconds) it will hit our memcached servers, not the Postgres base - is that sufficient in offloading the issue (so other users are not affected) or is it silly?

If we check some kind of timer and wait at least 5 seconds before making a write (5 seconds between writes) - is that OK, or will we kill our server with the timer checking?

I guess this is more of a question of best practices in sanitizing a public API so it wouldn't bite its creators. How do you do it?

What you're looking for is rate limiting. Without more knowledge of how the API is written I can't give specific advice on how to implement it, but your best bet is to rate limit the API so consumers can't adversely impact other users of the service.
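An added example (not from the question or the answer above) of the two controls discussed, per-token rate limiting of reads over a short window and a minimum spacing between writes, built only on the atomic `add`/`incr` operations a memcached client offers, so the counters live in the cache rather than in Postgres. The `MemoryStore` class, the key names and the limits are assumptions standing in for a real memcached client and for whatever limits fit the service.

```python
import time


class MemoryStore:
    """Constructed in-memory stand-in for a memcached client (add/incr with expiry)."""

    def __init__(self, clock=time.monotonic):
        self._data = {}          # key -> (value, expires_at)
        self._clock = clock      # injectable so the limiter can be tested without sleeping

    def _live(self, key):
        item = self._data.get(key)
        if item is not None and item[1] <= self._clock():
            del self._data[key]  # expired: behave as if the key never existed
            item = None
        return item

    def add(self, key, value, ttl):
        """Store only if absent; False if the key is already present (memcached 'add')."""
        if self._live(key) is not None:
            return False
        self._data[key] = (value, self._clock() + ttl)
        return True

    def incr(self, key):
        """Atomic increment; None if the key is missing (memcached 'incr'). Expiry is kept."""
        item = self._live(key)
        if item is None:
            return None
        self._data[key] = (item[0] + 1, item[1])
        return item[0] + 1


class RateLimiter:
    """Decide per auth token whether a read or a write may proceed right now."""

    def __init__(self, store, reads_per_window=60, window=10, write_spacing=5):
        self.store, self.reads_per_window = store, reads_per_window
        self.window, self.write_spacing = window, write_spacing

    def allow_read(self, token):
        key = "rl:read:" + token
        if self.store.add(key, 1, self.window):   # first read in a fresh window
            return True
        count = self.store.incr(key)
        if count is None:                          # window expired between add and incr
            return self.store.add(key, 1, self.window) or self.allow_read(token)
        return count <= self.reads_per_window      # reject once the window's quota is used

    def allow_write(self, token):
        # 'add' succeeds only if no write was recorded in the last write_spacing seconds,
        # so the check and the timestamp update are a single atomic cache operation.
        return self.store.add("rl:write:" + token, 1, self.write_spacing)
```

In Pyramid the same check would sit in a tween or a view decorator that reads the token from the request and returns 429 when `allow_read`/`allow_write` is False; the decision costs one cache round trip, not a database query.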

python postgresql nginx memcached pyramid
