Why are limits often set by IP and not by key in APIs with an access key?

A

Anton Tikhomirov2017-01-30 13:36:09

API

Anton Tikhomirov, 2017-01-30 13:36:09

Hello!

Sobssno, the question is this: as you know, some APIs set request limits, for example, 100 per minute for one IP. But why by IP? Indeed, in this case, you can use a proxy, and in general, each time access it from a different IP. What is the benefit then? It is clear that obtaining and using access keys is much easier and more efficient to control, and often they are generally issued manually. Yes, and it’s easier to implement: if in the first case you need to record the number of requests for each IP in the database (or is it done somehow differently?), then in the second it’s quite simple for each access key, which means there will be fewer records in times.

Thanks in advance!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Konstantin, 2017-01-30
@Acuna

It depends where, large companies and corporations have good key limits. Maybe this is an open API that does not require authorization by key. Then the limit is easiest by IP