On Computing Throttling Rate Limits in Web APIs through Statistical Inference

Published: 01 Jan 2019, Last Modified: 19 Feb 2025, ICWS 2019, CC BY-SA 4.0
Abstract: Data-provisioning services can provide high value. Since data can be used and misused in unpredictable ways, organizations deal with the dilemma "to expose or not to expose" their data through Web APIs and, depending on the nature of their business, ponder possible opportunities and pitfalls. Rate-limiting strategies are widely employed to control access to data and to safeguard back-end computational resources. However, their effectiveness depends on a good choice of the maximum allowed rate at which information can be "safely" released to users. A relevant scenario is represented by public administrations and private companies providing services whose quality is regulated by formal business agreements on the service levels. These organizations may need to choose a rate limit for their Web APIs that prevents unauthorized users from computing service levels with high confidence while still allowing the creation of useful value-added services. In this paper, we propose a general statistical model for this problem and a technique, based on uniform sampling tools, to select an appropriate rate limit, and we demonstrate its validity through a case study involving a large bus company.