0

I am currently creating a basic API that will take a few parameters, fetch some data from a 3rd party API, do some processing and return it as json to be displayed with AJAX. Because this is using a 3rd party API and takes a few seconds to respond I am worried about it being abused.

My thoughts are to log the ip address and not to run the script again unless the previous instance has finished. I understand that attackers can use multiple IPs, but am not sure how to get around that.

Another thought is to limit the total running scripts as well.

Jack Hugh
  • 1
  • 1
  • 2
  • can you cache the results from the 3rd party API –  May 22 '19 at 00:33
  • another thought is to delay your ajax requests , also read more about [throttling](https://stackoverflow.com/questions/1375501/how-do-i-throttle-my-sites-api-users) and checkout how you can make a use of it. – hassan May 22 '19 at 00:35

0 Answers0