How to throttle requests in a Web Api?
I'm trying to implement request throttling via the following:
Best way to implement request throttling in ASP.NET MVC?
I've pulled that code into my solution and decorated an API controller endpoint with the attribute:
[Route("api/dothis/{id}")]
[AcceptVerbs("POST")]
[Throttle(Name = "TestThrottle", Message = "You must wait {n} seconds before accessing this url again.", Seconds = 5)]
[Authorize]
public HttpResponseMessage DoThis(int id) {...}
This compiles but the attribute's code doesn't get hit, and the throttling doesn't work. I don't get any errors though. What am I missing?
Answer
The proposed solution is not accurate. There are at least 5 reasons for it.
- The cache does not provide interlocking control between different threads, therefore multiple requests can be process at the same time introducing extra calls skipping through the throttle.
- The Filter is being processed 'too late in the game' within web API pipeline, so lots of resources are being spent before you decide that request should not be processed. The DelegatingHandler should be used because it can be set to run at the beginning of the Web API pipeline and cutting off the request prior doing any additional work.
- The Http cache itself is dependency that might not be available with new runtimes, like self-hosted options. It is best to avoid this dependency.
- Cache in the above example does not guarantee its survival between the calls as it might be removed due to memory pressure, especially being low priority.
- Although it is not too bad issue, setting response status to 'conflict' does not seem to be the best option. It is better to use '429-too many requests' instead.
There are many more issues and hidden obstacles to solve while implementing the throttling. There are free open source options available. I recommend to look at https://throttlewebapi.codeplex.com/, for example.