In this chapter, we will use the additional features included in Django and Django REST Framework to improve our RESTful API. We will also write and execute unit tests and learn a few things related to deployment. We will cover the following topics in this chapter:
So far, we haven't established any limits on the usage of our API, and therefore, both authenticated and unauthenticated users can compose and send as many requests as they want to. We only took advantage of the pagination features available in Django REST Framework to specify how we wanted large results sets to be split into individual pages of data. However, any user can compose and send thousands of requests to be processed without any kind of limitation.
We will use throttling to configure the following limitations of the usage of our API:
In addition, we want to configure a maximum of 100 requests per hour to the game categories related views, no matter whether the user is authenticated or not.
Django REST Framework provides the following three throttling classes in the rest_framework.throttling
module. All of them are subclasses of the SimpleRateThrottle
class, which is a subclass of the BaseThrottle
class. The classes allow us to set the maximum number of requests per period that are computed based on different mechanisms to determine the previous request information used to specify the scope. The previous request information for throttling is stored in the cache and the classes override the get_cache_key
method that determines the scope.
AnonRateThrottle
: This class limits the rate of request that an anonymous user can make. The IP address of the request is the unique cache key, and therefore, all the requests coming from the same IP address will accumulate the total number of requests.UserRateThrottle
: This class limits the rate at which a specific user can make requests. For authenticated users, the authenticated user ID is the unique cache key. For anonymous users, the IP address of the request is the unique cache key.ScopedRateThrottle
: This class limits the rate of request for specific parts of the API identified with the value assigned to the throttle_scope
property. The class is useful when we want to restrict access to specific parts of the API with different rates.3.14.251.128