Couchbase API rate limiter

Submitted by gnikolovski on Sat, 02/04/2017 - 12:19

If you are building any kind of API, then you know, or at least you should know, that limiting the number of requests is one of the most important parts of your system. You don't want to allow anyone to hammer your endpoints without any kind of limitation. The more popular your app becomes, the more shady characters will start to poke around your API. Basic protection is a must on today's internet.

Most PHP frameworks today have a concept of middleware. Middleware is a layer that stands between the user's request and your app, and this is the perfect place to put a request-limiting mechanism. Before any request reaches your app, it has to pass through the middleware. To count the number of incoming requests per user you must have some sort of storage to persist data, and this storage has to be fast, in order to avoid slowing down your app.

NoSQL databases are growing in popularity every day, and because of their key/value nature they are the perfect storage for a request-limiting layer. Couchbase is one of the most popular NoSQL databases today, and if you are creating an app that uses this database, then using it to store request data as well is a perfect solution. My recommendation is to create a separate bucket for storing temporary data, in order to avoid mixing it with your business data.

I created a simple middleware that counts the number of incoming requests from IP addresses per unit of time. The IP address is saved as a key, and the number of requests from that address is an integer value. When you combine this with a Couchbase document that has an expiration date (the so-called time to live, or TTL), you get a simple but powerful and fast rate limiter. This package was originally written for integration with the Slim framework, but you could use it with your custom project or with other frameworks. To install the package, use composer:

composer require gnikolovski/cb-rate-limiter

If you want to see the documentation or code, please visit the project's GitHub page, where you will find more details on how to use this package.
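The counting scheme described above (IP address as the key, an integer counter as the value, a TTL on the document) is a fixed-window limiter. The sketch below is an added example, not the package's own code: `TtlCounterStore` and `rateLimit()` are hypothetical names, and the store is an in-memory stand-in for a bucket with per-document expiry so the script runs without a Couchbase server.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for a key/value bucket with per-document expiry
// (hypothetical class, not the Couchbase SDK). The clock is passed in so the
// run is deterministic. A real store must do the increment atomically.
final class TtlCounterStore
{
    private array $docs = []; // key => ['value' => int, 'expires' => int]

    // Increment the counter. A missing or expired key is recreated with the
    // TTL; later hits do NOT extend the TTL, which is what bounds the window.
    public function increment(string $key, int $ttl, int $now): int
    {
        if (!isset($this->docs[$key]) || $this->docs[$key]['expires'] <= $now) {
            $this->docs[$key] = ['value' => 0, 'expires' => $now + $ttl];
        }
        return ++$this->docs[$key]['value'];
    }

    // Seconds until the counter document expires.
    public function ttlLeft(string $key, int $now): int
    {
        return max(0, ($this->docs[$key]['expires'] ?? $now) - $now);
    }
}

// Decide one request from $ip at time $now. Returns [HTTP status, headers].
function rateLimit(TtlCounterStore $store, string $ip, int $now,
                   int $limit = 3, int $window = 60): array
{
    $key = 'rl:' . $ip; // prefix keeps limiter keys apart from other documents
    $hits = $store->increment($key, $window, $now);
    if ($hits > $limit) {
        return [429, ['Retry-After' => (string) $store->ttlLeft($key, $now)]];
    }
    return [200, ['X-RateLimit-Remaining' => (string) ($limit - $hits)]];
}

// Constructed traffic: [seconds since start, client IP] (documentation ranges).
$requests = [[0, '203.0.113.7'], [5, '203.0.113.7'], [9, '203.0.113.7'],
             [12, '203.0.113.7'], [13, '198.51.100.4'], [61, '203.0.113.7']];
$store = new TtlCounterStore();
foreach ($requests as [$t, $ip]) {
    [$status, $headers] = rateLimit($store, $ip, $t);
    printf("t=%2ds %-13s -> %d %s\n", $t, $ip, $status, json_encode($headers));
}
```

Behind a reverse proxy or load balancer every request arrives from the proxy's address, so the key has to come from a forwarded-client header that only the trusted proxy can set. A fixed window also lets a client send up to twice the limit across a window boundary, which matters when choosing the limit.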