Understanding the importance of throttling rules
In Chapter 8, Securing the API with Authentication and Permissions, we made sure that some requests were authenticated before processing them. We took advantage of many authentication schemes to identify the user that originated the request. Throttling rules also determine whether the request must be authorized or not. We will work with them in combination with authentication.
So far, we haven't established any limits on the usage of our RESTful Web Service. As a result of this configuration, both unauthenticated and authenticated users can compose and send as many requests as they want to. The only thing we have limited is the resultset size throughout the configuration of the pagination features available in the Django REST framework. Hence, large results sets are split into individual pages of data. However, a user might compose and send thousands of requests to be processed with any kind of limitation. Of course, the servers or virtual...