@Api\Security\MaxRequestsPerMinute¶
Limiting number of requests to an endpoint¶
This annotation allows you limit the number of request to an endpoint per minute from the current IP-address.
The basic syntax is:
@Api\Security\MaxRequestsPerMinute( $limit, $identifier )
An example would be:
// Limit access to all endpoints with "my_id" to 10 per IP and minute
@Api\Security\MaxRequestsPerMinute( 10, "my_id" )
// Limit overall access to all endpoints using this annotation to 10 per IP and minute
@Api\Security\MaxRequestsPerMinute( 10 )
Exceeding the given number will result in an 403
Error response.
The optional argument my_id
can be any arbitrary key.
- When using the same key in multiple endpoints, all endpoint calls with the same key will be counted
- Without an id, all endpoints using the annotation will be counted
<?php
namespace My\Extension\Api;
use Nng\Nnrestapi\Annotations as Api;
use Nng\Nnrestapi\Api\AbstractApi;
/**
* @Api\Endpoint()
*/
class Example extends AbstractApi
{
/**
* @Api\Security\MaxRequestsPerMinute(5, "getSettings")
* @Api\Access("public")
*
* @return array
*/
public function getSettingsAction()
{
return ['nice'=>'result'];
}
}
Hint
The \nn\rest::Security()
-Helper has many useful methods in case you would like
to handle checking for limits and locking users manually.
Have a look at \Nng\Nnrestapi\Utilities\Security
for more details.
// returns FALSE if IP has exceeded number of requests for `my_key`
$isBelowLimit = \nn\rest::Security( $this->request )->maxRequestsPerMinute(['my_key'=>60]);
// manually lock an IP for 5 minutes
\nn\rest::Security( $this->request )->lockIp( 300, 'Reason why...' );
// unlock the IP
\nn\rest::Security( $this->request )->unlockIp();