Add API Rate Limiting
If one user starts crawling the API over a fast connection, they could slow down the API gateway.
We should limit the request rate of any single user so that, even if someone crawls the API, other users are not affected by reduced performance.
Ideally we would rate limit based on IP if not authenticated, and based on the user ID if authenticated.
I've looked at various Symfony bundles:
https://github.com/jaytaph/RateLimitBundle
- Allows custom rate limiting keys.
- Needs Redis/Memcached/Doctrine, which we don't have yet -> Maybe we can use a Doctrine SQLite file for starters?
https://github.com/IndraGunawan/api-rate-limit-bundle
- Supports a cache interface, so we can just use the filesystem for starters: https://github.com/IndraGunawan/api-rate-limit-bundle/blob/master/Resources/doc/usage.md#custom-cache
- Has integration for api-platform
- Looks abandoned now, sadly.
I tend towards https://github.com/jaytaph/RateLimitBundle
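
A sketch of the keying rule proposed above (user ID when authenticated, IP otherwise) with a fixed-window counter, added here as an illustration and not taken from either bundle. All names are hypothetical, the code assumes PHP 8, the client IP is assumed to be the address the framework resolves after trusted-proxy handling, and the in-memory array stands in for the shared store (Redis, Memcached, Doctrine or a cache file) a real deployment needs.

```php
<?php
declare(strict_types=1);

/** Pick the bucket key: user ID when authenticated, client IP otherwise. */
function rateLimitKey(?string $userId, string $clientIp): string
{
    // Prefixes keep a user ID from ever colliding with an IP-shaped string.
    return $userId !== null ? 'user:' . $userId : 'ip:' . $clientIp;
}

final class FixedWindowLimiter
{
    /** @var array<string, array{start: int, count: int}> */
    private array $buckets = [];

    public function __construct(private int $limit, private int $windowSeconds)
    {
    }

    /** Returns true if the request is allowed, false if it should get HTTP 429. */
    public function allow(string $key, int $now): bool
    {
        $bucket = $this->buckets[$key] ?? ['start' => $now, 'count' => 0];
        if ($now - $bucket['start'] >= $this->windowSeconds) {
            $bucket = ['start' => $now, 'count' => 0]; // window expired, reset
        }
        $allowed = $bucket['count'] < $this->limit;
        if ($allowed) {
            $bucket['count']++;
        }
        $this->buckets[$key] = $bucket;
        return $allowed;
    }
}

// Constructed sample traffic: one crawler IP, plus a logged-in user behind the same IP.
$limiter = new FixedWindowLimiter(limit: 3, windowSeconds: 60);
$t = 1000; // constructed timestamps, one second apart
$requests = [
    [null, '203.0.113.7'], [null, '203.0.113.7'], [null, '203.0.113.7'],
    [null, '203.0.113.7'],   // 4th anonymous hit inside the window
    ['42', '203.0.113.7'],   // authenticated user sharing that IP
];
foreach ($requests as [$userId, $ip]) {
    $key = rateLimitKey($userId, $ip);
    printf("%s -> %s\n", $key, $limiter->allow($key, $t++) ? 'allowed' : '429');
}
```

Because the authenticated request is counted under its own `user:` key, a crawler exhausting the limit for a shared IP does not lock out logged-in users behind the same address.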