How do you guys handle rate limiting? It occurs to...
# prisma-whats-new
k
How do you guys handle rate limiting? It occurs to me that someone could build a bot which just sits there and hits my graph.cool endpoint with a bunch of requests. Two concerns, the first is billing, that’d probably lead to some severe bill shock, and secondly, what protections are in place to stop someone registering a flood of users, etc?
Also, things like brute force password attacks come to mind.
l
Good question. This also came to my mind. Since they are using AWS Serverless, I would hope that the API gateway is set up right. The gateway does have DoS protection, but a flood of creates would be an issue.
k
@nilan, sorry to poke you directly, just wondering if there are any docs or similar that I can look at to answer this question.
n
Hey @kevinbrown and @lancej, thanks for your concerns! We do have a request limit that's per project. We'll offer customizable settings and better transparency into who made what requests soon.
Finally, if you think you're experiencing abuse, please reach out to me immediately. We'll be able to figure out the billing question together, I'm sure 🙂
k
Thanks @nilan, very helpful! So that I’m aware, what are the default settings at this stage? We’re still in development, just doing our due diligence and want to make sure I know how it works before we depend on graph.cool in production.
n
It's some dozen per second, I can't recall the specific limit at the moment.