Rate Limiting REST services

One Star

How can we configure Talend ESB to implement some Rate Limiting Scheme for REST services we're creating, in order to avoid the status code described below? We'd like to do this on a user-by-user basis.
429 Too Many Requests
The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").
The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request.
When a server is under attack or just receiving a very large number of requests from a single party, responding to each with a 429 status code will consume resources.
Therefore, servers are not required to use the 429 status code; when limiting resource usage, it may be more appropriate to just drop connections, or take other steps.
Wikipedia
The user has sent too many requests in a given amount of time. Intended for use with rate limiting schemes.
Employee

Re: Rate Limiting REST services

Right now Apache CXF ships a throttling feature, but it uses suspended invocations to pause a given request if needed. One can also use JAX-RS 2.0 AsyncResponse to cancel a given request with Retry-After if needed, but it does require manual coding. Perhaps we can experiment with the CXF throttling feature and see if we can set Retry-After...
Sergey
One Star

Re: Rate Limiting REST services

Thank you, Sergey. I'm not sure the CXF throttling feature is quite what we're looking for; I'll take a closer look at JAX-RS 2.0. Is there anything else I need to do to get this on Talend's list of things to look at, or a feature request or anything?
Regards,
Kurt
One Star

Re: Rate Limiting REST services

Sergey,
I'm new at this... If I understand what I've been able to find on the internet, JAX-RS is an API, so how would I inject code into what Talend is generating that would use AsyncResponse to cancel requests?
Regards,
Kurt
Employee

Re: Rate Limiting REST services

Hi, sorry for the delay - I actually did not get notifications of the follow-up replies, though I'm subscribed.
I thought you might be just using Talend ESB and manually building the services and deploying them.
If that were the case, then you'd just write a service using the JAX-RS 2.0 AsyncResponse API, have SecurityContext injected, check a principal name, and, if needed, cancel the current request.
But now I see you build the service jobs with Talend ESB Studio and would like to set up a rate limiting feature before deploying.
Hmm... I think it is a new feature request, and it is likely we will need to use a CXF rate limiting feature.
Thanks, Sergey
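
The hand-written approach described in the reply above (inject SecurityContext, check the principal name, reject the request with Retry-After), as an added example that is not code from this thread, Talend or CXF. The resource path, the limit, the window length and the in-memory fixed-window counter are assumptions; the 429 is built explicitly because `AsyncResponse.cancel(int)` answers with 503 Service Unavailable plus Retry-After.

```java
import java.security.Principal;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.container.AsyncResponse;
import javax.ws.rs.container.Suspended;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/orders") // hypothetical resource path
public class OrdersResource {
    private static final int LIMIT = 100;          // assumed: requests per user per window
    private static final long WINDOW_MS = 60_000L; // assumed: one-minute fixed window

    // Per-principal state: { window start (ms), requests seen in that window }.
    private static final ConcurrentMap<String, long[]> WINDOWS = new ConcurrentHashMap<>();

    /** Returns 0 if the caller is within quota, else seconds until the window resets. */
    static long retryAfterSeconds(String user, long now) {
        // compute() is atomic per key, so concurrent requests from one user count correctly.
        long[] w = WINDOWS.compute(user, (k, cur) -> {
            if (cur == null || now - cur[0] >= WINDOW_MS) return new long[] {now, 1};
            return new long[] {cur[0], cur[1] + 1};
        });
        return w[1] <= LIMIT ? 0 : Math.max(1, (w[0] + WINDOW_MS - now + 999) / 1000);
    }

    @GET
    public void list(@Suspended AsyncResponse async, @Context SecurityContext sec) {
        Principal p = sec.getUserPrincipal();
        if (p == null) { // unauthenticated callers cannot be limited per user
            async.resume(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        long wait = retryAfterSeconds(p.getName(), System.currentTimeMillis());
        if (wait > 0) {
            // Reject with 429 and tell the client how long to back off.
            async.resume(Response.status(429).header("Retry-After", wait).build());
            return;
        }
        async.resume(Response.ok("[]").build()); // placeholder for the real service logic
    }
}
```

The counters live in one JVM, so the limit applies per container instance, and entries for idle users are never evicted in this form.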