Blog

Introducing API Limits

Written by Spencer Nguyen | July 6, 2018

Along with the release of DreamFactory 2.5.0, we added the ability to control and limit API calls to your DreamFactory instance on several levels. This feature is currently available in DreamFactory Gold. The API limits feature makes it easy to set limits on an entire DreamFactory instance, for a specific user, role, or service. Additionally, you can set limits for each user, where every user will get a separate counter.

Each API limit is based on a specific period of time when the limit expires and resets. Options here are configurable and include minute, hour, day, 7-day (week), and 30-day (month). The variety of limit types in combination with limit periods allows for a wide range of control over your instance.

The following table provides an overview of the different types of limits available. Note that the next release will feature the ability to apply limits by individual API endpoints.

Limit Type Description
Instance Controls rate limiting over the entire instance to include all services, roles, and users. Limit counter here is cumulative, regardless of user, service, etc.
User Provides rate limit control to a specified user. In the case where both a User limit and an Each User limit is set, the user-specific limit will override Each User in terms of rate. However, both counters will still increment.
Each User Sets a rate limit for each user. The main difference between this and the entire instance is that every user gets a separate counter.
Role Enable rate limiting by a specified role.
Service Enable rate limiting by a specified service.
Service by User Enable rate limiting for a specific user on a specific service.
Service by Each User Enable rate limiting for each user on a specific service.

Creating Limits

You can create a limit through the API itself or through the Admin App. For the purposes of this blog, we will explore creating a limit through the Admin App.

From the Limits tab on the main admin App menu, select Create. Select a name and description for your limit. From the Limit Type drop-down, select the type of limit. Other drop-down fields will appear based on your selection. For instance, if you select a User type limit, a list of users will be available to choose from. Additionally, you can choose to save the limit either in an Active state (default) or save it in an Inactive one, to activate later.

Managing Limits

Once limits are created, you can manage and monitor them through the Limits tab. Basic information on the limit will be available, including a current limit rate count and progress bar on the limit status.

The progress bar will remain blue as the hit counter progresses, but will turn yellow at 75% and will turn red at 90% of max limit rate.

Resetting Limit Counters

If you need to reset a limit before the limit period has passed, you can manually reset the counter back to zero for one or more limits. To reset a single limit, click the lightning bolt icon on the row for the limit. Additionally, you can reset multiple limit counters by selecting the corresponding checkbox and clicking the lightning bolt icon on the top toolbar. In either case, you will be asked to confirm your choice.

Getting Limit Information

From the API perspective, as long as you have System Admin rights, you can poll the current state of your limits. Along with the limits system resource, there is also a limits_cache resource and endpoint which allows you to poll the status of a limit, or clear one or many limits. Note that the limit cache storage is separate from the DreamFactory general storage and the location is configurable. The default location is storage/framework/limit_cache. Clearing the DreamFactory general cache will not affect the state of the limit counters.

In order to get limit-specific counter information and with the appropriate admin credentials, make a GET call to api/v2/system/limit_cache. With this call, you can get each limit’s counter information. Additionally, you can make a call to /api/v2/system/limit_cache/{id}, where {id} is the id of your limit you want information for.

To clear a limit counter, you can use a DELETE verb on /api/v2/system/limit_cache/{id} where {id} is the limit id of the limit you want to reset. Note, this will not delete the actual limit, only the limit counter. Limits can be created and deleted via normal DreamFactory conventions on /api/v2/system/limit.

In this post, we quickly covered how API limits work in DreamFactory Gold. If you'd like to learn more, sign up for a product demo or contact sales@dreamfactory.com!

Related reading: Combining Multiple Data Sources In One API With DreamFactory