The latest articles on Forem by Tayo O. (@olutayo). https://forem.com/olutayo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1703461%2Fffee4e79-1e8c-4a72-9a53-c6f86d1ef4da.jpg https://forem.com/olutayo en Tayo O. Sat, 29 Jun 2024 13:09:06 +0000 https://forem.com/olutayo/implementing-api-throttling-in-my-php-project-35jm https://forem.com/olutayo/implementing-api-throttling-in-my-php-project-35jm <p>Today, I’m diving into a cool backend challenge I recently tackled: implementing API rate limiting and throttling using PHP and Memcached. This stuff is crucial for protecting APIs from abuse and ensuring everyone gets fair usage. Let’s break down how I solved this.</p> <h3> The Challenge: API Rate Limiting and Throttling </h3> <p>APIs can get overwhelmed if access to them is not properly managed. That’s where rate limiting and throttling come in – they help control how many requests a user or app can make to an API within a certain timeframe. Here’s how I tackled this:</p> <h3> Step 1: Defining the Rate Limit Policies </h3> <p>First, I had to define the rate limit policies which spell out how many requests are allowed per minute, hour, or day, and what happens when someone exceeds the limit..</p> <p><strong>Example Policy:</strong></p> <ul> <li> <strong>Free Users:</strong> 100 requests per minute</li> <li> <strong>Paid Users:</strong> 1000 requests per minute</li> </ul> <h3> Step 2: Choosing the Right Tools </h3> <p>Second, I picked Memcached for storing the request counts because it’s super fast and efficient.</p> <h3> Step 3: Implementing the Rate Limiting Logic </h3> <p>Next, I wrote the rate limiting logic in PHP, using Memcached to store and manage request counts. Here’s a simplified version of what I did:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nv">$memcached</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Memcached</span><span class="p">();</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">addServer</span><span class="p">(</span><span class="s1">'127.0.0.1'</span><span class="p">,</span> <span class="mi">11211</span><span class="p">);</span> <span class="k">function</span> <span class="n">is_rate_limited</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="nv">$max_requests</span><span class="p">,</span> <span class="nv">$window_seconds</span><span class="p">)</span> <span class="p">{</span> <span class="k">global</span> <span class="nv">$memcached</span><span class="p">;</span> <span class="nv">$key</span> <span class="o">=</span> <span class="s2">"user:</span><span class="nv">$user_id</span><span class="s2">:requests"</span><span class="p">;</span> <span class="nv">$current_requests</span> <span class="o">=</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span><span class="nv">$key</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$current_requests</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">set</span><span class="p">(</span><span class="nv">$key</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="nv">$window_seconds</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">elseif</span> <span class="p">(</span><span class="nv">$current_requests</span> <span class="o">&lt;</span> <span class="nv">$max_requests</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">increment</span><span class="p">(</span><span class="nv">$key</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nv">$max_requests</span> <span class="o">=</span> <span class="mi">100</span><span class="p">;</span> <span class="nv">$window_seconds</span> <span class="o">=</span> <span class="mi">60</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nf">is_rate_limited</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="nv">$max_requests</span><span class="p">,</span> <span class="nv">$window_seconds</span><span class="p">))</span> <span class="p">{</span> <span class="nb">http_response_code</span><span class="p">(</span><span class="mi">429</span><span class="p">);</span> <span class="k">echo</span> <span class="s1">'Rate limit exceeded. Please try again later.'</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">echo</span> <span class="s1">'Your request was successful.'</span><span class="p">;</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <h3> Step 4: Integrating with the API </h3> <p>Then, I integrated the rate limiting logic with the existing API endpoints. This involved adding middleware to check the rate limit before processing each request. If the limit was exceeded, the API would return a 429 status code (Too Many Requests).</p> <h3> Step 5: Testing and Monitoring </h3> <p>Testing and monitoring were key to ensure the rate limiting was working correctly. Here’s how I set that up:</p> <h4> Testing </h4> <p><strong>Create Test Scripts:</strong></p> <ul> <li>I wrote scripts to simulate high traffic and burst traffic scenarios.</li> <li>These scripts repeatedly sent requests to the API and logged responses.</li> </ul> <p><strong>Example Test Script in PHP:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nv">$apiUrl</span> <span class="o">=</span> <span class="s1">'http://my-api-endpoint'</span><span class="p">;</span> <span class="nv">$requests</span> <span class="o">=</span> <span class="mi">120</span><span class="p">;</span> <span class="c1">// Number of requests to send</span> <span class="k">for</span> <span class="p">(</span><span class="nv">$i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$i</span> <span class="o">&lt;</span> <span class="nv">$requests</span><span class="p">;</span> <span class="nv">$i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$response</span> <span class="o">=</span> <span class="nb">file_get_contents</span><span class="p">(</span><span class="nv">$api_url</span><span class="p">);</span> <span class="k">echo</span> <span class="s2">"Response </span><span class="nv">$i</span><span class="s2">: "</span> <span class="mf">.</span> <span class="nv">$response</span> <span class="mf">.</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span><span class="p">;</span> <span class="nb">usleep</span><span class="p">(</span><span class="mi">500000</span><span class="p">);</span> <span class="c1">// Delay of 0.5 seconds between each request</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <p><strong>Logging Rate-Limited Requests:</strong></p> <ul> <li>I added logging to track when users hit the rate limit.</li> <li>This could be useful for analyzing patterns and adjusting the rate limits as needed.</li> </ul> <p><strong>Example Logging in PHP:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">function</span> <span class="n">is_rate_limited</span><span class="p">(</span><span class="nv">$user_id</span><span class="p">,</span> <span class="nv">$max_requests</span><span class="p">,</span> <span class="nv">$window_seconds</span><span class="p">)</span> <span class="p">{</span> <span class="k">global</span> <span class="nv">$memcached</span><span class="p">;</span> <span class="nv">$key</span> <span class="o">=</span> <span class="s2">"user:</span><span class="nv">$user_id</span><span class="s2">:requests"</span><span class="p">;</span> <span class="nv">$current_requests</span> <span class="o">=</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span><span class="nv">$key</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$current_requests</span> <span class="o">===</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">set</span><span class="p">(</span><span class="nv">$key</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="nv">$window_seconds</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">elseif</span> <span class="p">(</span><span class="nv">$current_requests</span> <span class="o">&lt;</span> <span class="nv">$max_requests</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$memcached</span><span class="o">-&gt;</span><span class="nf">increment</span><span class="p">(</span><span class="nv">$key</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nb">error_log</span><span class="p">(</span><span class="s2">"Rate limit exceeded for user </span><span class="nv">$user_id</span><span class="s2">"</span><span class="p">);</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <h3> Joining the HNG Internship </h3> <p>Solving challenging problems like API rate limiting is why I love backend development. Now, I’m trying to take my skills to the next level by joining the <a href="https://hng.tech/internship">HNG Internship</a>. Even though I have a couple years of experience in backend development, I’m joining the HNG Internship to stay sharp, connect with the community, see what’s happening in the space, and maybe find some exciting job opportunities.</p> <p>From what I've heard, the HNG Internship is perfect for staying updated with the latest trends and technologies. It’s also a great way to meet other passionate developers and potentially get hired by amazing companies through <a href="https://hng.tech/hire">HNG Hire</a>.</p> <h3> Why the HNG Internship? </h3> <ol> <li> <strong>Stay Sharp:</strong> Continuous learning is key in tech, and the HNG Internship offers new challenges to keep my skills sharp.</li> <li> <strong>Connect:</strong> Networking with other developers and mentors is invaluable for personal and professional growth.</li> <li> <strong>Explore Trends:</strong> Being part of HNG helps me stay on top of the latest industry trends and innovations.</li> <li> <strong>Job Opportunities:</strong> The internship could open doors to exciting job opportunities with top companies.</li> </ol> <h3> Conclusion </h3> <p>Backend development can be tough, but with the right approach, I believe that even the most complex problems can be solved. I’m excited about the journey ahead with the HNG Internship. If you’re also interested in growing your skills, check out the <a href="https://hng.tech/internship">HNG Internship</a>.</p> php api memcached throttling