Rate Limiter in .Net core Web API

Rate limiting is a common topic in system design. It is used to protect underlying services and resources from being overloaded by malicious or excessive traffic.

It can be implemented at the network level, the application level, or the database level. The level at which rate limiting is implemented will depend on the specific needs of the system.

Rate limiting is an important tool for protecting distributed systems from malicious and excessive traffic. It can help to prevent denial-of-service attacks, improve performance, and reduce costs.

Benefits of using the Rate Limiter:

  • Prevents denial-of-service attacks: Rate limiting can help to prevent denial-of-service attacks by limiting the number of requests that can be made to a system. This can help to protect systems from being overwhelmed by malicious traffic.
  • Improves performance: Rate limiting can improve performance by reducing the load on systems. This can be helpful for systems that are under high traffic or that have limited resources.
  • Reduces costs: Rate limiting can help to reduce costs by reducing the amount of bandwidth that is used. This can be helpful for systems that have high bandwidth costs or that are limited by bandwidth.

Almost all APIs published by large tech companies enforce some form of rate limiting. For example, social media sites limit the number of posts per user per 60 seconds.

A rate limiter can be implemented on either the client side or the server side. Client-side implementation is generally not good practice because it can be forged by malicious actors and gives you less control. Server-side implementation is good practice because you have full control over it.

If you are considering implementing rate limiting, there are a few things that you should keep in mind:

  • The type of rate limiter: There are many different types of rate limiters, and the best type for your system will depend on your specific needs.
  • The level of granularity: Rate limiting can be implemented at various levels in a system. The level of granularity that you choose will depend on your specific needs.
  • The impact on legitimate users: Rate limiting can impact legitimate users by slowing down their requests. You need to carefully consider the impact on legitimate users before implementing rate limiting.

Implementing the Rate Limiter concept in the .NET Web API.

Create a .NET Core API and configure the rate limiter settings in the appsettings.json file as shown below:

The good thing about .NET Core is that the rate limiter middleware service is available in the framework. Configure it in the startup.cs file as shown below:

Now create a controller that returns a response in order to test this:

Now run the project locally and test this API call from the Postman tool. As you can see, I have set the rate limit to 5, which means the API request is allowed only 5 times; after that, the limit is reached and an error is returned. The response is 429, which means "Too Many Requests".
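The steps above as one added example, not the code from the linked repository. It assumes the built-in Microsoft.AspNetCore.RateLimiting middleware of .NET 7 or later and minimal hosting in Program.cs; the `RateLimit:*` configuration keys and `PingController` are hypothetical names.

```csharp
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();

// Hypothetical appsettings.json keys; the default of 5 matches the article's test.
int permitLimit = builder.Configuration.GetValue("RateLimit:PermitLimit", 5);
int windowSeconds = builder.Configuration.GetValue("RateLimit:WindowSeconds", 60);

builder.Services.AddRateLimiter(options =>
{
    options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;

    // One fixed window per client IP, so one noisy client cannot use up everyone's quota.
    // Behind a reverse proxy RemoteIpAddress is the proxy's address unless forwarded
    // headers are configured, which would put all clients in a single partition.
    options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(ctx =>
        RateLimitPartition.GetFixedWindowLimiter(
            partitionKey: ctx.Connection.RemoteIpAddress?.ToString() ?? "unknown",
            factory: _ => new FixedWindowRateLimiterOptions
            {
                PermitLimit = permitLimit,
                Window = TimeSpan.FromSeconds(windowSeconds),
                QueueLimit = 0 // reject immediately instead of queueing
            }));

    // Tell well-behaved clients how long to wait before retrying.
    options.OnRejected = (context, _) =>
    {
        if (context.Lease.TryGetMetadata(MetadataName.RetryAfter, out TimeSpan retryAfter))
            context.HttpContext.Response.Headers.RetryAfter =
                ((int)retryAfter.TotalSeconds).ToString();
        return ValueTask.CompletedTask;
    };
});

var app = builder.Build();
app.UseRateLimiter(); // the global limiter applies to every request
app.MapControllers();
app.Run();

[ApiController]
[Route("api/[controller]")]
public class PingController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() => Ok("pong"); // hypothetical test endpoint
}
```

With the defaults, the sixth GET to /api/ping from the same address inside one window returns 429 with a Retry-After header.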

The source code for this implementation is present here on GitHub:

DileepSreepathi/APIRequestLimit (github.com)
