drf-simple-apikey
Rate Limiting
Is your feature request related to a problem? Please describe.
The absence of a rate-limiting feature in the current implementation makes the API susceptible to abuse, such as brute-force attacks, and may lead to system overloads. A rate-limiting feature would prevent such issues, enhancing the API’s resilience and performance.
Describe the solution you'd like
Implement a rate-limiting feature based on the API key. This feature should allow configuration of the number of requests a user can make within a specific time frame. It should also support customization, setting different rate limits for API keys or use cases. Essential components of this feature should include error handling to return meaningful messages when a rate limit is exceeded, headers to inform users of their usage status, and logging to keep track of rate-limiting events for analysis and monitoring.
Describe alternatives you've considered
An alternative could be integrating third-party middleware for rate limiting. However, having a built-in feature would ensure better compatibility and a more streamlined configuration and usage experience.
Additional context
Here is an example of how the rate-limiting configuration could look:
SIMPLE_API_KEY = {
    "RATE_LIMIT": "100/hour",  # 100 requests per hour
    "CUSTOM_RATE_LIMITS": {
        "route": "1000/hour",  # Custom rate limit for a specific route
    },
}
This configuration allows for a default rate limit and custom rate limits for specific routes, enhancing flexibility and control over API access.
I think that this issue does not make sense. I mean, we can use DRF throttling for this case. Making it stalled until we can rediscuss this.