Adjust throttling of thumbnail endpoints
zackkrida opened this issue · 0 comments
Problem
Currently thumbnail requests are throttled at a rate of one thousand per minute:
When used by unauthenticated users making requests rapidly, as is common in scraping workflows, this can potentially send a lot of traffic to our API partners which may lead to rate limiting or denylisting of our API from their endpoints.
Description
We should reduce the unauthenticated thumbnail throttling to something like 150/min. This seems a reasonable amount for anyone building a user interface that displays thumbnails on-demand, which is more in-line with our intended use cases for the API.
The throttling for authenticated accounts should be higher, perhaps 500/min?
Additional context
We have also discussed implementing CSRF tokens on the front-end to solve this problem, which would be used in conjunction with this approach but with the unauthenticated throttling even more aggressive.
Implementation
- 🙋 I would be interested in implementing this feature.