This is the best way to protect your APIs

Comments
Author

Keep in mind that there are different levels of rate limiting. For APIs you should not rate limit based on IP, but rather based on the session or authorization token provided. App-level rate limiting does not protect you against DoS, and IP only makes it easy for a malicious attacker to abuse your system.

Additionally this may also have a negative side effect of blocking requests from devices that share the same external IP on the same network.

Other forms of rate limiting and load balancing are best handled at the proxy (i.e. HAProxy, nginx, etc.) and, better, at the DNS level (e.g. Cloudflare). This is often handled by whatever provider you have.

dealloc
Author

Lol I did a talk on web app pentesting and included a section on rate limiting. I included an example where (with permission) I took down the very popular jeopardy api that is free and open source. It was back up momentarily, but it really didn’t take much. Very good video, and important information.

Gamewithstyle
Author

Wow! Keep the tutorials coming, I love this.

bulelanibotman
Author

Wow, a Redis SaaS with a free tier? I didn't even really know they existed. I'll definitely check out Upstash and try it in a project.

FunkyToe
Author

Great information. In larger companies we would usually use an API gateway like Apigee, Gloo, AWS API Gateway or similar to manage access to APIs as well as bot protection, authentication, rate limiting, A/B testing. It's interesting to see many channels/creators engineer solutions for Next.js and similar SSR frameworks rather than use dedicated backend APIs. I can admit it's easy for a small project to just use the backend capabilities of the SSR frameworks, but I would encourage engineers on the quest for learning to also learn backend technologies, as most companies would not yet host a production API as part of a Next.js or similar deployment.

Tszyu
Author

Good video as usual! What is your extension for doing queries inside VSCode?

alexandrepereira
Author

Hi Cody, what font and theme do you use in VSCode, please?

ahmedahmedx
Author

At 6:05 I noticed that the response time increased immensely from 16 ms to 454 ms. Also on later successful requests the response time was in the three-digit region. Is this the cost of having a remote Redis DB instead of a local one, or is this because it's in another region like you mention towards the end of your video? Is there anything one can do about it to lower the response time again?

HorstKirkPageKian
Author

Using IP alone might not be a good idea. Maybe also consider device ID, tokens, etc.? I also noticed this method on Binance years ago; they limit based on IP so no one on your network can spam.

kolya
Author

Can you make a tutorial on making secure API routes between server and client?

wcatly
Author

Which theme are you using in this video?

ayushkathariya
Author

Your videos are very good! Can you make a video for Upstash Kafka?

AndreSchmidt-mouu
Author

Nice and concise. One comment though: for "paid" services, using IPs alone is not a good idea; adding the user's API token prevents users with access to a lot of IPs from rotating through them and changing the source IPs.

rwz
Author

You can create a middleware and, without Redis, ask whether that IP was used 10 seconds ago. You can keep users' IPs in memory or in the database.

zlackbiro
Author

How do you determine the right amount of rate limiting? E.g. if it's for a site like Unsplash.

ameer
Author

Do you know if it's possible to blacklist with Upstash? Looking to target some suspected scraping crawlers.

petermckeever
Author

Great video...
In Google they use a great technique of rate limiting: "exponential backoff".
First the user starts with a 2 s waiting time,
then if he requested the API again the waiting time will increase to 4,
then 8... 16... 32...
Did you recognize the pattern?
It's 2^n.
Now your traffic will be more organized, so if someone insisted 10 times he's gonna wait for 20 minutes;
if he invoked 30 times more he will wait until the end of the world💀.
If you wanna implement this, make sure to tell the user in the front-end, otherwise it's just bad UX.
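
The 2^n backoff described in the comment above, as an added example that is not from the video, from Upstash, or from the commenter. It keys on the caller's API/session token rather than its IP (as the first comment recommends), caps the penalty, and reports the wait so the front-end can show it; the class and function names (BackoffLimiter, check, hammer) and the reset-on-patience rule are my own assumptions.

```javascript
// Added example: an in-memory exponential-backoff limiter. Class/function
// names are assumptions, not code from the video, Upstash, or the commenter.
class BackoffLimiter {
  // baseSeconds: the first wait (2 s in the comment). maxSeconds caps 2^n so
  // a client is blocked for at most an hour, not "until the end of the world".
  constructor({ baseSeconds = 2, maxSeconds = 3600 } = {}) {
    this.baseSeconds = baseSeconds;
    this.maxSeconds = maxSeconds;
    this.state = new Map(); // key -> { strikes, blockedUntil (ms) }
  }

  // key: the caller's API/session token (not its IP, per the earlier comment).
  // Returns { allowed, waitSeconds }: waitSeconds is how long the client must
  // wait before its next call is accepted, e.g. for a Retry-After header and
  // the front-end message the comment says users should see.
  check(key, nowMs = Date.now()) {
    const s = this.state.get(key) ?? { strikes: 0, blockedUntil: 0 };
    if (nowMs < s.blockedUntil) {
      // Called during the cooldown: one more strike, and the wait doubles
      // (4, 8, 16, ... seconds = baseSeconds * 2^strikes), capped at maxSeconds.
      s.strikes += 1;
      const wait = Math.min(this.baseSeconds * 2 ** s.strikes, this.maxSeconds);
      s.blockedUntil = nowMs + wait * 1000;
      this.state.set(key, s);
      return { allowed: false, waitSeconds: wait };
    }
    // Cooldown is over (or first call): accept, reset the strike count
    // (assumption: a client that waited its turn earns a clean slate), and
    // start the base cooldown before the next call.
    this.state.set(key, { strikes: 0, blockedUntil: nowMs + this.baseSeconds * 1000 });
    return { allowed: true, waitSeconds: this.baseSeconds };
  }
}

// Fires `count` calls for one key at the same instant and collects the wait
// each response reports, which makes the 2^n growth visible.
function hammer(limiter, key, count, nowMs = 0) {
  const waits = [];
  for (let i = 0; i < count; i++) waits.push(limiter.check(key, nowMs).waitSeconds);
  return waits;
}

// Stand-alone demo on constructed input: one abusive token, one patient one.
const demo = new BackoffLimiter();
console.log(hammer(demo, "token-abuser", 6));        // [2, 4, 8, 16, 32, 64]
console.log(demo.check("token-patient", 0).allowed); // true
```

The Map lives in one process; behind several instances the same per-key state would go in a shared store such as the Redis the video uses.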

justhaithem
Author

Cody, great video. You talked about bots briefly in a previous video, and about how we should protect the env file. Please make a video on that.

biltriq
Author

What VSCode theme is that? Pretty cool.

razdingz
Author

As somebody in the NSA said, this isn't a request, and it takes some time until they let you get epic items for experiments. It is probably a daily credits use, so if you take more than a book from a bookshelf today nobody will let you search unless you are a paying customer. Ninetails stash is safe if you are alone in the jump town. I think headers should be as they were on load, and the only content manipulated would be its body, well, unless you do a redirect. With big services they do all the restrictions, but you have to create it if you are an original rum shaker.

Netryon