The Movie Database Support
Support → API Support
Important Upcoming Change: Rate limiting
posted by Travis Bell MOD on March 5, 2014 at 6:12 PM
Hi everyone,
There's going to be some changes to the rate limiting we do on the API coming up shortly. This won't affect the rate limits themselves but rather how we calculate them and what we return. I'm happy to answer any specific questions should have one.
Let me first outline the key problems with our current system. Right now our API web servers are load balanced using Amazon's Elastic Load Balancer (ELB). When we first started doing this we only had 2 servers. With Nginx in front taking care of the rate limiting it worked ok for us. Keep in mind, Nginx doesn't share any kind of a hash table so each IP was technically, rate limited separately on each server. At 2 servers we were ok with this since the way we split traffic was generally by IP to each individual availability zone. This meant that mostly everyone's requests ended up at the same Nginx instance.
Fast forward to 2014 and our API web server cluster is 8 servers which is now making any attempt to rate limit with Nginx almost useless.
The new system will share the state of an IP address across all 8 instances and provide proper balanced rate limiting. The rate limits themselves remain unchanged (max. 30 requests in a 10 second span). The key difference is in the response handling during your requests and when you trip the rate limits. I'll give you some examples so you can make changes to your code before we go live with this change.
Every request will soon have these 3 headers:
X-RateLimit-Limit: 30 X-RateLimit-Remaining: 18 X-RateLimit-Reset: 1394060670
- X-RateLimit-Limit: The number of requests you're allowed to make in a 10 second span.
- X-RateLimit-Remaining: The number of requests you have left before the counter resets.
- X-RateLimit-Reset: The Epoch timestamp when the counter will reset.
Right now when you actually trip the rate limits, we just throw a 503 error which is really not the right way to do this. Moving forward, we'll be throwing a proper 429 status code along with a Retry-After header telling you how many seconds to wait until you're allowed to make a request again. It looks like so:
HTTP/1.1 429 Content-Length: 104 Date: Wed, 05 Mar 2014 23:08:12 GMT Retry-After: 7
Hopefully this will help you guys build better systems around the API. It's important for us to try and provide the best and most complete service we can and this should help a lot of you guys out.
Cheers.
Reply by Travis Bell
on June 27, 2017 at 2:03 PM
Hi @mani.db I don't know of any Python examples. I am not familiar with PHP but I know the PHP library is close to the most mature library around and it has built functionality to handle the rate limiting. Perhaps that will be of some help.
Reply by Saar Rasha
on February 3, 2018 at 1:01 PM
@travisbell , hi,
Does the rate-limit have any notion of 'in-flight' request? for example, what would be the behavior under the following scenario: 1. The app starts-up and send 40 requests for the first time-frame 2. The 10 seconds past, some of the requests returned some not, for example, I have 2 requests that did not return yet 3. The app sends an additional 40 requests - now I have 42 requests in flight
Is this valid?
Reply by heyoni
on February 7, 2018 at 12:00 PM
Here's a quick and dirty example of how I implemented rate limiting for tmdb requests.