api: Increase rate limit for Public API endpoints

Enable use cases of scripts and user bursts by increasing the rate limit for public API endpoints.
ThreeSixtyGiving · Sep 30, 2024 · 2224026 · 2224026
1 parent 6c965e7
commit 2224026
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/datastore/api/org/api.py b/datastore/api/org/api.py
@@ -3,6 +3,7 @@
 from django.http import Http404
 from rest_framework import generics
 from rest_framework.pagination import LimitOffsetPagination
+from rest_framework.throttling import ScopedRateThrottle
 
 import db.models as db
 from api.org import models
@@ -14,6 +15,8 @@ class OrganisationsPagination(LimitOffsetPagination):
 
 
 class OrganisationListView(generics.ListAPIView):
+    throttle_classes = [ScopedRateThrottle]
+    throttle_scope = "public-api-org-list"
     serializer_class = serializers.OrganisationListSerializer
     pagination_class = OrganisationsPagination
 
@@ -42,6 +45,8 @@ class OrganisationDetailView(generics.RetrieveAPIView):
     publisher will be null.
     """
 
+    throttle_classes = [ScopedRateThrottle]
+    throttle_scope = "public-api-org-detail"
     lookup_field = "org_id"
     serializer_class = serializers.OrganisationSerializer
 
@@ -102,6 +107,8 @@ class OrganisationGrantsMadeView(generics.ListAPIView):
     For grant data schema, see the 360G schema: https://standard.threesixtygiving.org/en/latest/_static/docson/index.html#../360-giving-schema.json
     """
 
+    throttle_classes = [ScopedRateThrottle]
+    throttle_scope = "public-api-grants-list"
     serializer_class = serializers.GrantSerializer
     pagination_class = GrantsPagination
     filter_backends = [django_filters.rest_framework.DjangoFilterBackend]
@@ -127,6 +134,8 @@ class OrganisationGrantsReceivedView(generics.ListAPIView):
     For grant data schema, see the 360G schema: https://standard.threesixtygiving.org/en/latest/_static/docson/index.html#../360-giving-schema.json
     """
 
+    throttle_classes = [ScopedRateThrottle]
+    throttle_scope = "public-api-grants-list"
     serializer_class = serializers.GrantSerializer
     pagination_class = GrantsPagination
     filter_backends = [django_filters.rest_framework.DjangoFilterBackend]

diff --git a/datastore/settings/settings.py b/datastore/settings/settings.py
@@ -134,7 +134,16 @@
         "rest_framework.throttling.AnonRateThrottle",
         "rest_framework.throttling.UserRateThrottle",
     ),
-    "DEFAULT_THROTTLE_RATES": {"anon": "2/second", "user": "8/second"},
+    "DEFAULT_THROTTLE_RATES": {
+        "anon": "2/second",
+        "user": "8/second",
+        # Allow most Public API endpoints to be queried at 1000 requests / minute
+        # which should give sufficient room for bursts by scripts and user spikes,
+        # but org list is a relatively expensive endpoint.
+        "public-api-org-list": "100/min",
+        "public-api-org-detail": "1000/min",
+        "public-api-grants-list": "1000/min",
+    },
     "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
 }