At 2005-06-27 22:34, Brion Vibber wrote:
So, there isn't any way to identify the individual applications. But
there is a way to identify the individuals who are using the
application which is using the API. Why do you want to block the
application? Just limit the use of the API to 1000 accesses an hour by
IP-address (replace with different numbers as you see more fit). That
blocks any application that is misbehaving.

Amazon's webservices have 'solved' the problem
by allowing no more than one request per second
from any IP address.

This however doesn't work properly, because the
clients can't control whether they have a lot of
visitors at once and then none for a length of
time. Some (not very efficient) applications
also request 10 results at once and then none
for a while.

What I proposed was a simple mechanism: Give
every IP-address a credit of, say, 60 requests
and decrement this by one for every request
successfully handled and increase the credit
by one every second (up to the maximum of 60).
As soon as the credit is zero the system either
delays the response until there is credit again
(so up to one second later) (preferred method) or
it sends back an appropriate error message.

This system is easy to implement and it will
give the clients a lot of freedom, but it will
effectively limit the access by IP-addresses
that send too many requests per unit of time.

Of course the values of the parameters are open
to discussion.

Greetings,
Jaap
-- My Amazon scripts:
--
http://www.chipdir.nl/amazon/
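
The credit scheme proposed in the message above, sketched in Python as an added example (it is not part of the original e-mail or of any project's code). The class name, the `max_delay` parameter and the sample addresses are assumptions; `max_delay=1.0` gives the "delay up to one second" behaviour and `max_delay=0.0` gives the error-message behaviour.

```python
import time
from dataclasses import dataclass


@dataclass
class _Account:
    credit: float   # remaining requests; may dip below 0 while a reply is delayed
    stamp: float    # clock value at the last refill calculation


class CreditLimiter:
    """Per-IP credit: starts at max_credit, -1 per request, +refill_per_sec per second."""

    def __init__(self, max_credit=60, refill_per_sec=1.0, max_delay=1.0,
                 clock=time.monotonic):
        self.max_credit = max_credit
        self.rate = refill_per_sec
        self.max_delay = max_delay      # longest time a response may be held back
        self.clock = clock              # injectable so the logic can be tested
        self.accounts = {}              # ip -> _Account; prune idle entries in real use

    def _refill(self, ip):
        now = self.clock()
        acct = self.accounts.get(ip)
        if acct is None:
            acct = self.accounts[ip] = _Account(self.max_credit, now)
        # Lazy refill: add the credit earned since the last request, capped at the maximum.
        earned = (now - acct.stamp) * self.rate
        acct.credit = min(self.max_credit, acct.credit + earned)
        acct.stamp = now
        return acct

    def request(self, ip):
        """Return seconds to delay the response (0.0 = serve now), or None to reject."""
        acct = self._refill(ip)
        # Time until one full credit is available for this request.
        wait = max(0.0, (1 - acct.credit) / self.rate)
        if wait > self.max_delay:
            return None                 # caller sends the error message; nothing is charged
        acct.credit -= 1                # a delayed request borrows the credit it waits for
        return wait


if __name__ == "__main__":
    limiter = CreditLimiter()
    # Constructed sample: 62 back-to-back requests from one documentation address.
    results = [limiter.request("192.0.2.1") for _ in range(62)]
    print(results.count(0.0), "served at once; last two:", results[-2:])
```

Because a delayed request is charged immediately, a client that keeps sending during a delay is rejected rather than queued without bound, which keeps held connections per address to one.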