[Ovmsdev] HTTP API Quotas on api.openvehicles.com
Mark Webb-Johnson
mark at webb-johnson.net
Thu May 18 10:13:35 HKT 2023
Looking through the server logs, it is clear that (probably unintended) abuse of the HTTP/HTTPS API is a primary cause of overloading issues with the api.openvehicles.com <http://api.openvehicles.com/> server. Some users are issuing the same HTTP API request every 5 or 10 seconds (each time doing a complete expensive SSL negotiation).
Accordingly, I’ve committed some simple code to try to limit the impact of this. This is configured on the api.openvehicles.com <http://api.openvehicles.com/> server as:
On the first connection, each source IP is given an initial quota allowance of 12 requests.
Every minute, the quota is topped up with another 3 requests (subject to a maximum quota of 24).
Every HTTP/HTTPS API call reduces the quota by 1.
Should the quota hit zero, a 20 second delayed 429 (too many requests) response will be sent.
If no requests are seen for 5 minutes, the quota is cleared.
This allows reasonable use of the API, while fairly sharing the limited resources of this free service. I am only seeing six users currently rate limited by these new quotas, while the CPU utilisation has gone from 100% of one core (pre-quota) to ~50% now (with quota). This implies that just those six users were consuming almost half the server resources.
Anecdotally, things feel much snappier now for API v2 users, with server connections completing in under a second.
Regards, Mark
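The quota rules listed in the message, modelled as a per-IP table. This is an added example, not the code committed to the OVMS server. It assumes top-ups are credited lazily per whole elapsed minute since the entry was created and that a rejected request also counts as activity for the five-minute idle timer; all class, function and constant names are illustrative.

```python
from dataclasses import dataclass

INITIAL_QUOTA = 12    # allowance granted on an IP's first connection
TOPUP = 3             # requests added per top-up
TOPUP_INTERVAL = 60   # seconds between top-ups
MAX_QUOTA = 24        # ceiling on the allowance
IDLE_EXPIRY = 300     # seconds without requests before the quota is cleared
REJECT_DELAY = 20     # seconds a 429 is held back before being sent


@dataclass
class Entry:
    quota: int
    last_topup: float
    last_seen: float


class QuotaTable:
    def __init__(self):
        self.entries = {}  # source IP -> Entry

    def check(self, ip, now):
        """Return (http_status, delay_seconds) for one request from ip at time now."""
        entry = self.entries.get(ip)
        if entry is not None and now - entry.last_seen >= IDLE_EXPIRY:
            entry = None  # idle for 5 minutes: the old quota is cleared
        if entry is None:
            entry = self.entries[ip] = Entry(INITIAL_QUOTA, now, now)
        # Assumption: top-ups are credited lazily, one per whole elapsed minute.
        minutes = int((now - entry.last_topup) // TOPUP_INTERVAL)
        if minutes:
            entry.quota = min(MAX_QUOTA, entry.quota + minutes * TOPUP)
            entry.last_topup += minutes * TOPUP_INTERVAL
        entry.last_seen = now
        if entry.quota <= 0:
            return 429, REJECT_DELAY  # caller holds the response, then sends 429
        entry.quota -= 1
        return 200, 0


def replay(requests):
    """Run (timestamp, ip) pairs through a fresh table; return the status codes."""
    table = QuotaTable()
    return [table.check(ip, ts)[0] for ts, ip in requests]


# Constructed sample: one client polling every 5 seconds for two minutes.
POLLER = [(t, "192.0.2.10") for t in range(0, 120, 5)]
```

Replaying `POLLER` shows the initial allowance absorbing the first minute of 5-second polling, after which only the 3 requests per minute credited by the top-up get through.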