educative.io

Educative

How is app_dev_key implemented for unregistered users?

A malicious user can put us out of business by consuming all URL keys in the current design. To prevent abuse, we can limit users via their api_dev_key. Each api_dev_key can be limited to a certain number of URL creations and redirections per some time period (which may be set to a different duration per developer key).

I assume most users of the url-shortening service are actually unregistered users. What’s the industry standard of preventing the aforementioned abuses against unregistered users? Would that be via cookies or IP addresses or something?

1 Like

I’m wondering the same thing, how do we handle unregistered users? how would they use the API without an api_dev_key?

I assume there needs to a type of DDos Mitigation system in place given most users are anonymous.

Have you got any answers?? Why these people are not responding?