Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-3550

[tenantadm] Introduce new limits for API call throttling




      Introduce new configuration limits for API call throttling and rate limiting:

      • Minimum interval between device inventory updates
      • Minimum interval between device deployments/next calls

      The aforementioned values defines the maximum burst allowed by a single device, we won't accept a call if the time passed from the previous call is less than the minimum interval defined here. Examples:

      1. Value of 1 means 1 call per second, which means up to 60 calls / minute.
      2. Value of 10 means 1 call every 10 seconds, leading to a maximum of 6 calls per minute.

      We also introduce quotas:

      • Device quota: Max number of device API calls in a given interval of time, per device
      • Device quota interval, in seconds
      • Management quota: Max number of management API calls in a given interval of time, per user
      • Management quota interval, in seconds

      These allows to define the maximum number of calls we accept in a given unit of time, e.g. up to 100 calls per hour, or 1000 per day.

      These settings (both limits and quotas) are returned when verifying the tenant token, because they'll be enforced by deviceauth and userauth.




            • Assignee:
              marcin.chalczynski Marcin Chalczynski
              tranchitella Fabio Tranchitella
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created:

                Summary Panel