How difficult is it to rate limit API requests? Just Fibonacci the increasing sl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bloopernova on June 6, 2023 \| parent \| context \| favorite \| on: Reddit’s plan to kill third-party apps sparks wide... How difficult is it to rate limit API requests? Just Fibonacci the increasing slowdown. And require something like a public key to access the API so you can track requests coming from multiple hosts. Then any rate of access above that of a power user can be charged for appropriately. And make it so that activating API access is something that can't be automated so people can't create thousands of API dummy accounts.

manmal on June 6, 2023 [–]

> track requests coming from multiple hosts

The problem here is that many users are behind CGNAT, meaning many end users share a single IPv4. Unfortunately the days of counting distinct users by their IP(v4) are over.

bloopernova on June 7, 2023 | [–]

I think that could be mitigated by using a public key of some variety.

manmal on June 7, 2023 | | [–]

Every user would need one.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact