Is there any way to enforce rate limit for IIQ plugin API ?. We have developed an plugin API and we wanted to add rate limit.
There are no inherent rate limits as far as IIQ APIs are concerned. You could potentially build that kind of functionality into the code that is executed by API requests, but since API requests are generally not session-oriented, it’d be difficult to ensure that subsequent requests are process by the same host, adding the ability to “replicate” request records across hosts would effectively require using the plugin DB to hold request metrics, which would add delays and extra processing to each request to pull, verify, and update those metrics.
1 Like
I agree with Brian.
You’d either need to store the state in the database or use a third-party product like Hazelcast to distribute the values across the IIQ cluster.
I disagree that updating the state in the DB would add a significant amount of load. Authentication and authorization already reads the entire Identity object from the database, which will be a larger DB operation than any single-table update.
1 Like