The rate limiting headers as documented here:
https://archive.softwareheritage.org/api/
are not present in the responses of the Web API. Either the documentation should be updated or the headers added to the response.
This just seem to be a response headers issue, I'm able to hit the rate limiting from the outside.
| rDWAPPS Web applications | |||
| rDWAPPSab4bd29e7704 api: Add rate limiting headers in HTTP responses | |||
When I do something like this;
while true; do curl -i https://archive.softwareheritage.org/api/1/content/dc2830a9e72f23c1dfebef4413003221baa5fb62/; done
after a while SH stops responding, wihtout headers. I guess that varnish gets things from the cache and then throttles, but I don't get either a 429 or a header, it simply seems to hang.
Turns out that the throttling feature of Django Rest Framework that we are using under the hood does not set any X-RateLimit-* headers in its current implementation so that's why they are missing. We should be able to have it back by implementing a Django middleware that will process 429 responses by adding the throttling related headers. Nevertheless, throttling is functional (no more than 120 requests per hour on different api urls, if you hit 120 times the same url, Varnish will serve the cached result).