@Design Gurus,
-
I feel some of examples are not api rate limiting. In case 3 password attempt or 3 failed transactions. It is not api rate limiting. Generally in such cases, we would throttle by api dev key and api dev key is not the client who has made 3 wrong attempt, it may be the bank.I dont see these as examples of api rate limiting,There no api for a particular user that can be throtlled. Same api is for all users. It is business logic rather than api rate limiting
-
Also how can memcache helps in handling atomicity as mentioned in chapter?
-
Also in second solution, we cannot use reddis sorted set as it wont allow duplicates, what if there are multiple requests with same time stamp?We need to use list and custom sort it.
-
Also as you mentioned in last cahche topic that we should cache user data, but i think it is wrong?There can be multiple request from client to different servers for same API,and each app server has its own cache.How can you read data from other app server to conclude if it indeed crosses the limit?