Rate Limiting

[didimitrie]

Step 0:

• I've read the contribution guidelines!

To be able to provide consistent experiences and protect form malicious attacks, we need to implement some sort of (generous) rate-limiting mechanism for all REST & WS api endpoints per token, and per route. Ie, objectGet should be relaxed; as opposed to accounts/login 😎

[radumg]

is this the point when we consider an API gateway to handle this stuff (auth, rate, etc) ?

[didimitrie]

i don't think so (for sure not for auth). speckle's not composed of microservices, so the benefits of an api gateway are reduced in this scenario.

was more thinking of a simple redis solution. we'll see. I've added the relevant milestone for this issue 😅