throttling

Provides various throttling policies.

Module Contents

Classes

BaseThrottle() Rate throttling of requests.
SimpleRateThrottle(self) A simple cache implementation, that only requires .get_cache_key()
AnonRateThrottle() Limits the rate of API calls that may be made by a anonymous users.
UserRateThrottle() Limits the rate of API calls that may be made by a given user.
ScopedRateThrottle(self) Limits the rate of API calls by different amounts for various parts of
class BaseThrottle

Rate throttling of requests.

allow_request(request, view)

Return True if the request should be allowed, False otherwise.

get_ident(request)

Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR if present and number of proxies is > 0. If not use all of HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.

wait()

Optionally, return a recommended number of seconds to wait before the next request.

class SimpleRateThrottle

A simple cache implementation, that only requires .get_cache_key() to be overridden.

The rate (requests / seconds) is set by a rate attribute on the View class. The attribute is a string of the form ‘number_of_requests/period’.

Period should be one of: (‘s’, ‘sec’, ‘m’, ‘min’, ‘h’, ‘hour’, ‘d’, ‘day’)

Previous request information used for throttling is stored in the cache.

__init__()
get_cache_key(request, view)

Should return a unique cache-key which can be used for throttling. Must be overridden.

May return None if the request should not be throttled.

get_rate()

Determine the string representation of the allowed request rate.

parse_rate(rate)

Given the request rate string, return a two tuple of: <allowed number of requests>, <period of time in seconds>

allow_request(request, view)

Implement the check to see if the request should be throttled.

On success calls throttle_success. On failure calls throttle_failure.

throttle_success()

Inserts the current request’s timestamp along with the key into the cache.

throttle_failure()

Called when a request to the API has failed due to throttling.

wait()

Returns the recommended next request time in seconds.

class AnonRateThrottle

Limits the rate of API calls that may be made by a anonymous users.

The IP address of the request will be used as the unique cache key.

get_cache_key(request, view)
class UserRateThrottle

Limits the rate of API calls that may be made by a given user.

The user id will be used as a unique cache key if the user is authenticated. For anonymous requests, the IP address of the request will be used.

get_cache_key(request, view)
class ScopedRateThrottle

Limits the rate of API calls by different amounts for various parts of the API. Any view that has the throttle_scope property set will be throttled. The unique cache key will be generated by concatenating the user id of the request, and the scope of the view being accessed.

__init__()
allow_request(request, view)
get_cache_key(request, view)

If view.throttle_scope is not set, don’t apply this throttle.

Otherwise generate the unique cache key by concatenating the user id with the ‘.throttle_scope` property of the view.