Rate limiting and API keys

#1 - May 20, 2013, 2:07 p.m.

Hey first of all: Thanks! The release of an official API is really awesome news, and I’m very excited about all the possible things that come out with these things now.

However I would really suggest you to rate limit the API as quickly as possible and get some API key mechanism out there. Otherwise I can already see the services being DDoS’ed or simply die out because of too many API requests—and I really don’t want that to happen. Introducing a rate limit will make developers to use the API in a more deliberate manner and prevent those things before they happen.

Cliff Spradlin

#2 - May 20, 2013, 2:21 p.m.

Hi,

Thanks for your suggestions.

I agree that API keys and rate limiting are important when accessing services that have limited resources.

The APIs being released today were specifically designed to handle high amounts of concurrency and utilization, and so for these APIs we feel like we don’t need to implement strong controls. That said, we’re closely monitoring usage, and if we need to we may implement stronger rate limiting.

We are working on more fine-grained rate limiting systems like you describe for future APIs; some of the ones we are considering would definitely require stronger limits.