Learning the purpose of the different throttling classes in the Django REST framework

The Django REST framework provides three throttling classes in the rest_framework.throttling module. All of them are subclasses of the SimpleRateThrottle class, which inherits from the BaseThrottle class.

The three classes allow us to specify throttling rules that indicate the maximum number of requests in a specific period of time and within a determined scope. Each class is responsible for computing and validating the maximum number of requests per period. The classes differ in how they decide which previous requests belong to the same scope as a new request. The Django REST framework stores the data required to evaluate each throttling rule in the cache. Thus, each class overrides the inherited get_cache_key method, which determines the scope that will be used for computing and validating.

The following are the three throttling classes:

  • AnonRateThrottle: This class limits the rate of requests that an anonymous user can make, and therefore, its rules apply to unauthenticated users. The unique cache key is the IP address of the incoming request. Hence, all requests originating from the same IP address count toward the total number of requests for that IP.
  • UserRateThrottle: This class limits the rate of requests that a specific user can make and applies to both authenticated and non-authenticated users. Obviously, when the requests are authenticated, the authenticated user ID is the unique cache key. When the requests are unauthenticated and come from anonymous users, the unique cache key is the IP address of the incoming request.
  • ScopedRateThrottle: This class is useful whenever we have to restrict access to specific features of our RESTful Web Service with different rates. The class uses the value assigned to the throttle_scope attribute to limit requests to the parts that are identified with the same value.

The previous classes are included in the Django REST framework out of the box. Many third-party libraries provide additional throttling classes.

Make sure you quit Django's development server. Remember that you just need to press Ctrl + C in the terminal or Command Prompt window in which it is running. We will make the necessary changes to combine the different authentication mechanisms we set up in the previous chapter with the application of throttling rules. Hence, we will add the AnonRateThrottle and UserRateThrottle classes to the global throttling classes list.

The value for the DEFAULT_THROTTLE_CLASSES settings key specifies a global setting with a tuple of strings whose values indicate the default classes that we want to use for throttling rules. We will specify the AnonRateThrottle and UserRateThrottle classes.

The DEFAULT_THROTTLE_RATES settings key specifies a dictionary with the default throttle rates. The next list specifies the keys, the values that we will assign and their meaning:

  • 'anon': We will specify '3/hour' as the value for this key, which means we want a maximum of 3 requests per hour for anonymous users. The AnonRateThrottle class will apply this throttling rule.
  • 'user': We will specify '10/hour' as the value for this key, which means we want a maximum of 10 requests per hour for authenticated users. The UserRateThrottle class will apply this throttling rule.
  • 'drones': We will specify '20/hour' as the value for this key, which means we want a maximum of 20 requests per hour for the drones-related views. The ScopedRateThrottle class will apply this throttling rule.
  • 'pilots': We will specify '15/hour' as the value for this key, which means we want a maximum of 15 requests per hour for the pilots-related views. The ScopedRateThrottle class will apply this throttling rule.

The maximum rate value for each key is a string that specifies the number of requests per period with the following format: 'number_of_requests/period', where period can be any of the following:

  • d: day
  • day: day
  • h: hour
  • hour: hour
  • m: minute
  • min: minute
  • s: second
  • sec: second

In this case, we will always work with a maximum number of requests per hour, and therefore, the values will use /hour after the maximum number of requests.

Open the restful01/restful01/settings.py file that declares module-level variables that define the configuration of Django for the restful01 project. We will make some changes to this Django settings file. Add the highlighted lines to the REST_FRAMEWORK dictionary. The following lines show the new declaration of the REST_FRAMEWORK dictionary. The code file for the sample is included in the hillar_django_restful_09_01 folder in the restful01/restful01/settings.py file:

REST_FRAMEWORK = { 
    'DEFAULT_PAGINATION_CLASS': 
    'drones.custompagination.LimitOffsetPaginationWithUpperBound', 
    'PAGE_SIZE': 4, 
    'DEFAULT_FILTER_BACKENDS': ( 
        'django_filters.rest_framework.DjangoFilterBackend', 
        'rest_framework.filters.OrderingFilter', 
        'rest_framework.filters.SearchFilter', 
        ), 
    'DEFAULT_AUTHENTICATION_CLASSES': ( 
        'rest_framework.authentication.BasicAuthentication', 
        'rest_framework.authentication.SessionAuthentication', 
        ), 
    'DEFAULT_THROTTLE_CLASSES': ( 
        'rest_framework.throttling.AnonRateThrottle', 
        'rest_framework.throttling.UserRateThrottle', 
    ), 
    'DEFAULT_THROTTLE_RATES': { 
        'anon': '3/hour', 
        'user': '10/hour', 
        'drones': '20/hour', 
        'pilots': '15/hour', 
    } 
} 

We added values for the DEFAULT_THROTTLE_CLASSES and the DEFAULT_THROTTLE_RATES settings keys to configure the default throttling classes and the desired rates.
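
The following added example is a simplified pure-Python model (not the framework's code and not part of the book's sample) of how the two global rules above combine: it parses the rate string, picks the cache key each class would use, and counts the timestamps that fall inside the window. The user ID 42, the IP addresses, the key format and the helper names are constructed for illustration.

```python
# Simplified model of the throttling rules described above; not DRF source code.
RATES = {'anon': '3/hour', 'user': '10/hour'}  # values from this page's settings
PERIOD_SECONDS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}


def parse_rate(rate):
    """Turn 'number_of_requests/period' into (limit, window_in_seconds)."""
    number, period = rate.split('/')
    # Each pair of spellings (h/hour, m/min, ...) shares a first letter,
    # so that letter is enough to select the window.
    return int(number), PERIOD_SECONDS[period[0]]


def cache_key(scope, user_id, ip):
    """Return the bucket a request is counted in, or None if the rule is skipped."""
    if scope == 'anon':
        # AnonRateThrottle: only unauthenticated requests, keyed by IP address.
        return None if user_id is not None else f'throttle_anon_{ip}'
    # UserRateThrottle: user ID when authenticated, IP address otherwise.
    return f'throttle_user_{user_id if user_id is not None else ip}'


def allow_request(cache, now, user_id, ip):
    """Evaluate every global rule; the request passes only if all of them allow it."""
    allowed = True
    for scope, rate in RATES.items():
        key = cache_key(scope, user_id, ip)
        if key is None:
            continue
        limit, window = parse_rate(rate)
        # Keep only the timestamps that still fall inside the window.
        history = [t for t in cache.get(key, []) if t > now - window]
        if len(history) >= limit:
            allowed = False
        else:
            history.append(now)  # count this request against the rule
        cache[key] = history
    return allowed


def simulate(count, user_id=None, ip='203.0.113.7', start=0, step=60, cache=None):
    """Send `count` requests `step` seconds apart; return the allow/deny decisions."""
    cache = {} if cache is None else cache
    return [allow_request(cache, start + i * step, user_id, ip) for i in range(count)]


if __name__ == '__main__':
    print(simulate(5))               # anonymous client: capped by 'anon'
    print(simulate(12, user_id=42))  # authenticated user: capped by 'user'
```

Because UserRateThrottle also counts unauthenticated requests by IP address, an anonymous client is subject to both rules, and the stricter 'anon' rate is the one that denies it first.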
