Implement API keys to control usage #186
Comments
|
We need to decide on throttling and quotas. For throttling we need to decide the Rate (requests per second, that clients can call your API) and Burst (number of concurrent requests that a client can make to your API). We can ask our collaborators for feedback on their expected usage patterns during our meeting on 6/12. For quotas, I took a look at how many requests would cost ~$5,000 per month and it looks like that is equivalent to 1.8 billion requests per month. Pricing calculator estimates:
What I am less sure on is the cost for data transfer which seems to be indicated in the examples at this pricing documentation but there is no place to enter expected data transfer sizes in the pricing calculator. So I am not sure how this might be charged. So I propose starting with 1.8 billion requests in our default usage plan and then splitting up the requests or adding an additional number of requests to the heavy users usage plan. Then we can track costs and adjust as needed. @frankinspace - Is this in line with what you were thinking? Should we set our quota a bit lower to allow for data transfer charges? |
|
@nikki-t that makes sense to me, maybe round it off to 2 billion req/month as the cap. Although, do we need to take into account the dynamo read access? Each request runs at least 1 dynamo query so that may need to be factored in as well. Also would be interested in @jimmie perspective on the costing front. What we're basically saying is that as a project, PO.DAAC is willing to spend up to ~$5k per month to operate the hydrocron API. I don't know if we have any guidance on what that cap should necessarily be from the ESDS program |
|
@frankinspace - I created a AWS Pricing Calculator estimate that includes 2 billion API requests and 1 billion DynamoDB reach reads and 1 billion DynamoDB node reads. I based this off our tables in the OPS environment so we might have some realistic item sizes to work with. I wasn't sure how to quantify reach versus node requests so I selected 1 billion reads for both as our total requests quota will start at 2 billion so 1 billion reach requests and 1 billion node requests. Note, this does not include table storage. Total monthly cost is: $5,913.10 USD. I think it's okay to start off with 2 billion requests and then refine based on actual monthly costs but I will hold off on defining anything until @jimmie ways in on costs. |
|
Will start with default plan limits: 200 concurrent requests |
|
To confirm our choices I took a look at the API Gateway Dashboard metrics. Here is an overview of our metrics since April 2024. Looking further at the number or requests or API calls. I narrowed into the month of June and saw ~750 API calls per minute each day at ~08:00 UTC which is the max we see (we start to see this trend around May 29th with a max of ~1100 requests per minute). I think that works out to ~12.5 calls per second so we should be fine to implement the above limits assuming I am interpreting the metrics correctly.
|
|
Thanks @nikki-t; I agree those metrics appear to support our plan |
Working from the initial architectural review found in #152 we have decided to implement:
The text was updated successfully, but these errors were encountered: