Rate Limiting

To prevent abuse, you should consider adding rate limiting to your APIs. For example, you may want to limit each user to at most 100 API calls within a period of 10 minutes. If too many requests are received from a user within that period, a response with status code 429 (meaning "Too Many Requests") should be returned.
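As an added example (not code from the Yii guide or framework), here is what the 100-calls-per-10-minutes policy looks like when implemented with yii\filters\RateLimitInterface and the yii\filters\RateLimiter filter, which the following paragraphs describe. The class names app\models\User and app\controllers\ApiController, the user table with its access_token column, and the two columns allowance and allowance_updated_at used to persist the counter are assumptions made for this example.

```php
<?php
// Added example, not code from the Yii guide. Assumed: a `user` table with
// columns id, auth_key, access_token, allowance, allowance_updated_at.
// File: models/User.php (assumed path)
namespace app\models;

use yii\db\ActiveRecord;
use yii\filters\RateLimitInterface;
use yii\web\IdentityInterface;

class User extends ActiveRecord implements IdentityInterface, RateLimitInterface
{
    public static function tableName()
    {
        return '{{%user}}';
    }

    // IdentityInterface: just enough for bearer-token authentication.
    public static function findIdentity($id)
    {
        return static::findOne($id);
    }

    public static function findIdentityByAccessToken($token, $type = null)
    {
        return static::findOne(['access_token' => $token]);
    }

    public function getId()
    {
        return $this->id;
    }

    public function getAuthKey()
    {
        return $this->auth_key;
    }

    public function validateAuthKey($authKey)
    {
        return $this->auth_key === $authKey;
    }

    // RateLimitInterface: [maximum requests, window in seconds].
    public function getRateLimit($request, $action)
    {
        return [100, 600]; // 100 calls per 10 minutes, as in the text above
    }

    // RateLimitInterface: [remaining requests, UNIX time of the last check].
    // A user that has never been checked starts with the full allowance.
    public function loadAllowance($request, $action)
    {
        return [
            $this->allowance ?? 100,
            $this->allowance_updated_at ?? time(),
        ];
    }

    // RateLimitInterface: persist what the filter computed for this request.
    // updateAttributes() writes only these two columns and skips validation.
    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        $this->updateAttributes([
            'allowance' => $allowance,
            'allowance_updated_at' => $timestamp,
        ]);
    }
}

// File: controllers/ApiController.php (assumed path)
namespace app\controllers;

use yii\filters\auth\HttpBearerAuth;
use yii\rest\Controller;

class ApiController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // yii\rest\Controller already registers a 'rateLimiter' behavior after
        // 'authenticator', so the identity is resolved before the limit is checked.
        $behaviors['authenticator'] = ['class' => HttpBearerAuth::class];
        return $behaviors;
    }

    public function actionIndex()
    {
        return ['ok' => true];
    }
}
```

The filter tops the stored allowance up in proportion to the time elapsed since the stored timestamp (elapsed seconds times limit divided by window, capped at the limit) and rejects the request with 429 when less than one request remains, so [100, 600] permits a burst of 100 calls followed by a sustained rate of one call every six seconds; by default it also sets the X-Rate-Limit-Limit, X-Rate-Limit-Remaining and X-Rate-Limit-Reset response headers. Two caveats a practitioner should keep in mind: the filter only acts when the resolved identity implements the interface, so unauthenticated requests pass through it and anonymous endpoints need a separate limit (per client address at the reverse proxy, for instance); and loadAllowance() followed by saveAllowance() on a database row is a read-modify-write sequence, so concurrent requests with the same token can each read the same allowance and overrun the limit slightly. If the limit must be strict, keep the allowance in a cache that offers atomic operations instead of the user row.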

To enable rate limiting, the user identity class should implement yii\filters\RateLimitInterface. This interface requires implementation of three methods:

  • getRateLimit(): returns the maximum number of allowed requests and the time period (e.g., [100, 600] means there can be at most 100 API calls within 600 seconds).
  • loadAllowance(): returns the number of remaining requests allo