I am building a solution where I have one core API on which I have implemented the throttling as per the official documentation https://www.django-rest-framework.org/api-guide/throttling/. But I wonder how will I be able to monitor the requests so that no genuine user of the app gets blocked and if so should be able to unblock it.
My settings.py file
REST_FRAMEWORK = {
'DEFAULT_THROTTLE_CLASSES': (
'rest_framework.throttling.ScopedRateThrottle',
),
'DEFAULT_THROTTLE_RATES': {
'students': '1/minute',
}
}
And My views.py
class StudentViewSet(viewsets.ModelViewSet):
throttle_scope = 'students'
The throttle classes provided by Django REST framework do not allow you to do this. You would have to create a custom throttle class and overwrite allow_request() to log throttling events and provide some facility for whitelisting. E.g. something like this:
class WhitelistScopedRateThrottle(throttling.ScopedRateThrottle):
def allow_request(self, request, view):
allowed = super().allow_request(request, view)
if not allowed:
if self.is_whitelisted(request, view)
return True
else:
self.log_throttling(request, view)
return False
else:
return True
def is_whitelisted(self, request, view):
...
def log_throttling(self, request, view):
...
How to best implement the whitelisting and logging depends on your exact requirements.