You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/api-guide/throttling.md
+10-10Lines changed: 10 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ As with permissions, multiple throttles may be used. Your API might have a rest
12
12
13
13
Another scenario where you might want to use multiple throttles would be if you need to impose different constraints on different parts of the API, due to some services being particularly resource-intensive.
14
14
15
-
Multiple throttles can also be used if you want to impose both burst throttling rates, and sustained throttling rates. For example, you might want to limit a user to a maximum of 60 requests per minute, and 1000 requests per day.
15
+
Multiple throttles can also be used if you want to impose both burst throttling rates, and sustained throttling rates. For example, you might want to limit a user to a maximum of 60 requests per minute, and 1000 requests per day.
16
16
17
17
Throttles do not necessarily only refer to rate-limiting requests. For example a storage service might also need to throttle against bandwidth, and a paid data service might want to throttle against a certain number of a records being accessed.
18
18
@@ -44,7 +44,7 @@ You can also set the throttling policy on a per-view or per-viewset basis,
44
44
using the `APIView` class based views.
45
45
46
46
class ExampleView(APIView):
47
-
throttle_classes = (UserThrottle,)
47
+
throttle_classes = (UserRateThrottle,)
48
48
49
49
def get(self, request, format=None):
50
50
content = {
@@ -55,7 +55,7 @@ using the `APIView` class based views.
55
55
Or, if you're using the `@api_view` decorator with function based views.
56
56
57
57
@api_view('GET')
58
-
@throttle_classes(UserThrottle)
58
+
@throttle_classes(UserRateThrottle)
59
59
def example_view(request, format=None):
60
60
content = {
61
61
'status': 'request was permitted'
@@ -72,22 +72,22 @@ The throttle classes provided by REST framework use Django's cache backend. You
72
72
73
73
## AnonRateThrottle
74
74
75
-
The `AnonThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
75
+
The `AnonRateThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
76
76
77
77
The allowed request rate is determined from one of the following (in order of preference).
78
78
79
-
* The `rate` property on the class, which may be provided by overriding `AnonThrottle` and setting the property.
79
+
* The `rate` property on the class, which may be provided by overriding `AnonRateThrottle` and setting the property.
80
80
* The `DEFAULT_THROTTLE_RATES['anon']` setting.
81
81
82
-
`AnonThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
82
+
`AnonRateThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
83
83
84
84
## UserRateThrottle
85
85
86
-
The `UserThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
86
+
The `UserRateThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
87
87
88
88
The allowed request rate is determined from one of the following (in order of preference).
89
89
90
-
* The `rate` property on the class, which may be provided by overriding `UserThrottle` and setting the property.
90
+
* The `rate` property on the class, which may be provided by overriding `UserRateThrottle` and setting the property.
91
91
* The `DEFAULT_THROTTLE_RATES['user']` setting.
92
92
93
93
An API may have multiple `UserRateThrottles` in place at the same time. To do so, override `UserRateThrottle` and set a unique "scope" for each class.
@@ -113,11 +113,11 @@ For example, multiple user throttle rates could be implemented by using the foll
113
113
}
114
114
}
115
115
116
-
`UserThrottle` is suitable if you want simple global rate restrictions per-user.
116
+
`UserRateThrottle` is suitable if you want simple global rate restrictions per-user.
117
117
118
118
## ScopedRateThrottle
119
119
120
-
The `ScopedThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
120
+
The `ScopedRateThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
121
121
122
122
The allowed request rate is determined by the `DEFAULT_THROTTLE_RATES` setting using a key from the request "scope".
0 commit comments