[PDB Tech] Question about API ratelimits
Chris Caputo
ccaputo at alt.net
Thu Apr 11 14:11:25 UTC 2024
On Thu, 11 Apr 2024, Tom Strickx wrote:
> Hey folks,
>
> We're wondering how the ratelimits are enforced these days.
> Specifically, authenticated (so with API key) requests. Are these enforced
> by API-key, by AccountID, by IP, by subnet, by star sign, ...?
> Let me know if there's some piece of documentation documenting all of this.
>
> Thanks!
> --
> Tom Strickx
> Principal Network Engineer
> AS13335 - Cloudflare
Hi Tom,
Per:
https://docs.peeringdb.com/howto/work_within_peeringdbs_query_limits/
- Anonymous queries limited to 20/minute per IP address
- Authenticated queries limited to 40/minute per user or organization
(when an organizational API key is used)
This comes from a set of HOWTOs that may be of interest to others,
including one on the caching software peeringdb-py:
https://docs.peeringdb.com/howtos/
The Seattle IX uses peeringdb-py to perform many queries of PeeringDB per
day to inform its web site and route servers, with nil impact to PeeringDB
itself, since the queries hit a local database instead.
There are also query limits for repeated identical from unauthenticated
queries. These are per IP address and per /24 or /64 address block.
If you want to dig into the Django code for throttling, check out:
https://github.com/peeringdb/peeringdb/blob/master/peeringdb_server/rest_throttles.py
Let me know if you have other questions. I volunteer on PDB Ops.
Chris
More information about the Pdb-tech
mailing list