Suggestion for rate limiting
Hi, I created an API in workers for a few users. They call the API very often, so I need a cost effective way to rate limit the users' requests. I looked at storage methods that Cloudflare provides, but I'm not to sure if they are a fit for my requirements. Any suggestions would be appreciated!
4 Replies
can you give more details of the type of rate-limiting you want to implement? e.g. "for every ip_address, allow X requests per Y timeframe". The solution really depends, because if you want to impose a 50 reqs/second limitation (wild example) there is no reason to use anything other than worker's memory state (and accept the evictions as the only con). On the other hand, if you would like to impose a rule like "allow X requests per day on /blog", this is a static rule that would fit in every plan's allowance of CF rate limiting rules, so no-code at all.
So I'm trying to rate limit my users by an api key they provide. Each user would probably have around 10 req/sec. and I will probably have around 10 users. I just saw the storage methods that CF offers and it seems it'll get pricey with the amount of requests. I'll most likely use the worker's memory state as you mentioned.
Forgot to mention, it would be x requests per hour for each api key. The request limit may be different for each api key.
the in-memory state can help you (a) assuming that each api key will connect to the same edge node (not always true), and (b) you will not allow bursts, and so that, by enforcing the X/sec you will be also enforcing the Y/hour. Otherwise, you would need a persistent store.