Sometimes you just need to control the number of requests people make to your API. That's where throttling comes in.
-
0:00
In the last video, I dug a little deeper into permissions.
-
0:03
Permissions determine if a request is authorized.
-
0:06
Throttling is similar to permissions in that it controls access to an API view.
-
0:10
The difference is that throttling controls the rate of requests that a client
-
0:14
can make to an API.
-
0:16
For example, you might want a throttle that lets authenticated users make 500
-
0:19
requests per day.
-
0:20
But anonymous or unauthenticated users only get 100.
-
0:24
There are many different approaches to throttling and
-
0:27
it all depends on the needs of your API.
-
0:29
After this video check out the teacher's notes for
-
0:31
a link to the REST framework documentation on throttling.
-
0:34
It's a good idea to at least look at the different approaches so
-
0:37
that you can make the best decision for your project.
-
0:40
I'm going to enable a global throttle for my API.
-
0:43
I'll also set a limit for authenticated and unauthenticated requests per minute.
-
0:47
Let's go do it.
-
0:49
Okay, to set up throttling, I have to start over here in settings.py and
-
0:55
right down here in my REST framework dictionary again.
-
0:59
So we set up authentication, permissions, pagination, all that stuff, so
-
1:02
now let's add in throttling.
-
1:05
As you can probably guess we set a DEFAULT_THROTTLE_CLASS or sorry CLASSES.
-
1:12
And this is also a tuple and we're gonna actually put two items into this one.
-
1:16
So we're going to rest_framework.throttling.AnonRateThrottle.
-
1:23
So this one applies to anonymous users.
-
1:26
And rest_framework.throttling.UserRateThrottle.
-
1:33
And that applies to authenticated users.
-
1:35
I kind of wish that was called AuthRateThrottle or something like that.
-
1:39
But beggars can't be choosers.
-
1:42
And then we'll do DEFAULT_THROTTLE_RATES.
-
1:49
And this is actually pretty awesome, how this works.
-
1:51
So, I specify that the anon rate, which applies to this one, right?
-
1:59
And then I set this as five per minute.
-
2:02
And you can do hours, days, all kinds of stuff there.
-
2:06
Check the docs or the teacher's notes of course.
-
2:10
But it's kind of neat how you just write it like it's English.
-
2:14
And then so for users I'm gonna say they get to do ten per minute.
-
2:18
All right, so not a really heavy throttle but not a really lax one either.
-
2:24
These are probably a little bit,
-
2:25
okay, these are definitely lower than you would use in production.
-
2:28
But it's a lot harder for me to go,
-
2:30
hey I'm gonna show you 1,000 requests in a minute when I'm doing a screencast.
-
2:36
So you understand where I'm coming from, I understand where you're going to go,
-
2:39
you're going to have higher rates in the real world.
-
2:42
You may also have way more complicated of rates where you have to identify like
-
2:46
this user's a paying customer versus this one who's a free customer, and
-
2:50
stuff like that.
-
2:51
Okay, let's not worry about that, let's just make sure that the throttling works.
-
2:56
So let's come over here and let's go to POST,
-
3:01
and I wanna grab my super user.
-
3:05
I mean I guess it doesn't matter.
-
3:06
It's an authenticated user.
-
3:08
Okay, so I've got my user here and I'm just gonna try to get courses, so send.
-
3:21
All right, fine, let's use the super user then.
-
3:27
Cool, okay, so sorry about that, it's just, it's weird.
-
3:31
Okay, so I'm going to, I've done one, I get to do ten per minute, right?
-
3:37
So I'm just gonna click this button a few times.
-
3:39
So, one, two, three, four, five, six, seven, eight, nine, ten, 11.
-
3:46
And so I got throttled, right?
-
3:49
I got a 429 Too Many Requests.
-
3:51
And my request was throttled and it will be available again in 41 seconds.
-
3:56
So I've gotta wait just a little bit.
-
3:58
So that's cool,
-
3:59
that's great that I get told how long I have to wait and what's going on.
-
4:05
One last thing about throttling.
-
4:07
How did REST framework know how many requests I had made within the time limit?
-
4:11
REST framework relies on Django's cache backend settings to handle the storage
-
4:14
of the information necessary to track and throttle responses.
-
4:18
I didn't set a cache backend in my project, though, so
-
4:21
Django defaults to the local memory cache backend.
-
4:23
This backend is primarily meant for local development as it's not very efficient.
-
4:28
Django provides a couple of different cache backend choices, and
-
4:30
there are many third-party packages that will extend your options.
-
4:34
In a production setting, you'll probably use something like the memcached backend.
-
4:38
I've put a link in the teacher's notes to Django's documentation on cache backends.