https://typesense.org logo
Join Slack
Powered by
I'm planning to use typesense cloud for an applica...
# community-help
g
I'm planning to use typesense cloud for an application I am developing. I noticed that typesense offers built-in rate limiting which is tied to an API key. I want to rate limit individual users so one user cannot make many requests and scrape our data, but I do not want to limit all users as a whole. To avoid needing a separate service to handle rate limiting, I was considering the possibility of assigning each users their own api key which does not expire. This way, I can take advantage of the built in rate limiting without letting a single malicious user rate limit other normal users. My question is: Is typescript designed/capable of supporting so many api keys? If my app ends up scaling to millions of users, will typescript be able to efficiently match api keys against a list of millions without getting bogged down? Will it also be able to keep track of all of these keys usages for rate limiting without getting bogged down? I wanted to make sure since the key matching mechanism may not have been designed for such a use case. If you could let me know if this a good idea to implement per-user rate limiting and let me know of any other design concerns I should consider, that would be great! Thanks!
j
> I noticed that typesense offers built-in rate limiting which is tied to an API key. May I know where you found this information?
g
The exact details may have been a bit derived from various forums and such, but I do see this article from typesense https://typesense.org/docs/cloud-management-api/v1/rate-limits.html
j
That rate limit is for the Cluster Management API which is used to provision clusters, manage their lifecycle, etc. Once a cluster is provisioned the search APIs are then not rate limited
That said, the reason I asked is because we did work on the ability to add rate limits to each API key inside of Typesense a while ago, but we haven't yet documented it and so haven't tested it out in the wild. So I was curious if somehow you stumbled on that part of the code inside of Typesense 😀
Anywho, the feature is not yet ready from primetime and might have gone stale now since we've made many other changes since, so for now I would recommend using some other service in front of typesense if you need more granular rate limiting
g
Ah, Ok. Back to the ol' drawing board. Thank you for the very quick and detailed response!
👍 1
j
Btw, if scraping protection is what you're looking for, you might need to rate limit across all users. Here's what we typically recommend: https://typesense.org/docs/guide/data-access-control.html#scraping-protection
Just using limit_hits inside a scoped api key thwarts scrappers well enough from what we've seen
g
That is what I am trying to stop. Cool, I'll look into this
Open in Slack
PreviousNext
Powered by