If the server is working and the server application is running, every request will be executed by the server and return a response or an error.
However, there may be times when you want to regulate the number of requests on a specific endpoint.
Problem
You have a special endpoint for SMS verification when a password change request is made. Sounds nice, huh? Until you have a special user who clicks the button to request the SMS 10 times, and every one of those requests is executed. That means 9 costly SMS were billed.
Not great! We want a way to allow the next SMS request only after 1 minute. How do we do it in Django?
Solution
We'll use throttling. It's similar to permissions in that it determines whether a request should be allowed. But it indicates a temporary state and is used to control the rate of requests that clients can make to an API.
Let's say you have the SMS viewset that is registered in the routers.py file like this.
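    # The app's viewsets module
    from rest_framework import viewsets

    class SMSViewSet(viewsets.ViewSet):
        http_method_names = ("post",)
        ...

    # routers.py (here "viewsets" is the app's own module shown above)
    router.register(r"password", viewsets.SMSViewSet, basename="password")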
Before configuring, we need to add a new attribute to the SMSViewSet class called throttle_scope.
    class SMSViewSet(viewsets.ViewSet):
        http_method_names = ("post",)
        throttle_scope = "password-reset"
        ...
And finally, in the REST_FRAMEWORK configuration in the settings.py file, add the DEFAULT_THROTTLE_CLASSES and the DEFAULT_THROTTLE_RATES settings.
    REST_FRAMEWORK = {
        'DEFAULT_THROTTLE_CLASSES': [
            'rest_framework.throttling.ScopedRateThrottle',
        ],
        'DEFAULT_THROTTLE_RATES': {
            'password-reset': '1/minute',
        }
    }
According to the documentation, the ScopedRateThrottle class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a .throttle_scope property.
You can learn more about throttling here.
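The following is an added example, not code from the original post or from Django REST framework: a simplified pure-Python model of the sliding-window check a scoped throttle performs, replaying the 10-click scenario from the Problem section. It assumes the caller is unauthenticated, in which case the framework identifies the client by IP address; the by_phone_number key, the sample addresses and the phone number are constructed for illustration and show why an SMS endpoint is better keyed on the destination number.

```python
import time

def parse_rate(rate):
    """'1/minute' -> (1, 60): the "<count>/<period>" format used in DEFAULT_THROTTLE_RATES."""
    num, period = rate.split("/")
    return int(num), {"s": 1, "m": 60, "h": 3600, "d": 86400}[period[0]]

class ScopedThrottleModel:
    """Simplified model of a scoped sliding-window throttle (not DRF source code)."""
    def __init__(self, scope, rate, ident_func, clock=time.time):
        self.scope = scope
        self.num_requests, self.duration = parse_rate(rate)
        self.ident_func = ident_func   # decides WHO the limit applies to
        self.clock = clock
        self.cache = {}                # stands in for the Django cache backend

    def allow_request(self, request):
        key = f"throttle_{self.scope}_{self.ident_func(request)}"
        now = self.clock()
        # Keep only the timestamps that are still inside the window.
        history = [t for t in self.cache.get(key, []) if t > now - self.duration]
        allowed = len(history) < self.num_requests
        if allowed:
            history.insert(0, now)     # only accepted requests are recorded
        self.cache[key] = history
        return allowed

def by_client_ip(request):      # how an anonymous caller is identified
    return request["ip"]

def by_phone_number(request):   # hypothetical key: the number being texted
    return request["phone"]

def sms_sent(ident_func, requests, rate="1/minute"):
    """Replay (timestamp, request) pairs and return how many SMS would be billed."""
    now = [0.0]
    throttle = ScopedThrottleModel("password-reset", rate, ident_func, lambda: now[0])
    sent = 0
    for ts, req in requests:
        now[0] = ts
        sent += throttle.allow_request(req)
    return sent

# Constructed sample traffic: 10 clicks in 10 seconds, the same number requested
# from 3 other addresses, then a legitimate retry after the window has passed.
PHONE = "+15550100"
CLICKS = [(float(i), {"ip": "203.0.113.5", "phone": PHONE}) for i in range(10)]
OTHER_IPS = [(20.0 + i, {"ip": f"198.51.100.{i}", "phone": PHONE}) for i in range(3)]
RETRY = [(61.0, {"ip": "203.0.113.5", "phone": PHONE})]
```

Calling sms_sent(by_client_ip, CLICKS + OTHER_IPS) bills 4 SMS for one number, while sms_sent(by_phone_number, CLICKS + OTHER_IPS) bills 1. In a real project the same idea is implemented by overriding get_cache_key on a throttle subclass.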
Top comments (1)
Thanks a lot for this hint.