Rate limit API calls in identity-lib package
As a developer building a client application that calls the identity APIs,
I want to rate limit the calls to the identity APIs,
So that the client application does not exceed the rate limits set by the API gateway.
Acceptance Criteria:
- Repeated calls to an identity API do not exceed the rate limit set by the client or the default rate limit if not explicitly configured.
- When a subsequent call to the API exceeds the rate limit, the system gracefully handles the request, including implementing sleep and retry mechanisms.
- If the retry operation(s) fail, the error returned by the server is cascaded up the stack.
- README.md is updated to explain rate limit configuration and usage, ensuring clear documentation for developers.
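
One way the first three criteria could be met, shown as an added example that is not identity-lib code. The names `RateLimiter` and `RateLimitedError`, the default of 5 calls per second and the `retry_after` hint are all assumptions; the real default depends on the API Gateway limits still to be confirmed.

```python
import time


class RateLimitedError(Exception):
    """Hypothetical stand-in for the server's rate-limit error (e.g. HTTP 429)."""

    def __init__(self, retry_after=None):
        super().__init__("rate limit exceeded")
        self.retry_after = retry_after  # seconds suggested by the server, if any


class RateLimiter:
    """Spaces calls at least 1/rate seconds apart and retries throttled calls.

    Not thread-safe: guard call() with a lock if clients share one instance.
    """

    DEFAULT_RATE = 5.0  # calls per second; placeholder default (assumption)

    def __init__(self, rate=None, max_retries=3, backoff=0.5,
                 clock=time.monotonic, sleep=time.sleep):
        self.interval = 1.0 / (rate or self.DEFAULT_RATE)
        self.max_retries = max_retries
        self.backoff = backoff
        self.clock = clock    # injectable so tests need no real waiting
        self.sleep = sleep
        self._next_slot = 0.0

    def _wait_for_slot(self):
        # Client-side limit: block until the next permitted send time.
        now = self.clock()
        if now < self._next_slot:
            self.sleep(self._next_slot - now)
            now = self._next_slot
        self._next_slot = now + self.interval

    def call(self, func, *args, **kwargs):
        """Generic wrapper usable for any identity API call."""
        attempt = 0
        while True:
            self._wait_for_slot()
            try:
                return func(*args, **kwargs)
            except RateLimitedError as err:
                if attempt >= self.max_retries:
                    raise  # retries exhausted: cascade the server error upward
                # Prefer the server's hint, else exponential backoff.
                hint = err.retry_after
                self.sleep(hint if hint is not None else self.backoff * 2 ** attempt)
                attempt += 1
```

Only the rate-limit error is retried; any other exception from the wrapped call propagates immediately.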
Background:
This feature would be best implemented within the identity-lib package with a generic method that applies to all identity APIs including Card API, Photo API, Student API and Staff API.
Need to confirm the rate limits set by the API Gateway and select a sensible default value to set within identity-lib if a value is not set by the client.
The feature is of immediate use to the card client that returns large sets of card data - and hence multiple calls to the Card API - for each card client operation.
Open Questions:
- Do we need a rate limit per service or a global limit covering all requests to the API Gateway?
- How should we handle the configuration of rate limits? (e.g. configuration file, environment variables)
- What should be the default rate limits if not configured?
- Should we log rate limit exceedances for auditing and debugging purposes?
- Should there be any additional error handling and recovery mechanisms?
- What happens if the API Gateway rate limit is subsequently lowered below the default set here?