Firstly wanted to say love the support and the API, really appreciative to the amazing developers and community contributors!!!

Context: Building a website with rows of content from discover endpoint and each row has poster.

Calling discover endpoint for each row. However, I need specific properties that discover doesn't return:

For these properties I'm calling movies/details or tv-shows/details: english_backdrop: Since the posters are horizontal with no embedded title, I need the English backdrop for each poster. I append_to_response the image endpoint for details Runtime: On hover for movies I show runtime Seasons: On hover for shows I show seasons

I have roughly 25 rows with 20 posters each - so total of 25 discover + (25 * 20 details) = 525 requests per page per user. This is obviously higher than the limit of 50 requests per second. The API rate limits are per IP address. But my requests are sent via cloud functions to prevent users from seeing my API key. That mean that there's only 1 IP address, my server IP.

• Because of this - if I use the API server-side, a single user blocks the API for the 10 seconds that it takes to fetch all requests.
  • So user 1 joins at 10:00 am, from 10:00:00 to 10:00:10 they limit the API for my server IP.
  • If user 2 joins at 10:00 am as well, they are blocked for 10 seconds and then use the API which blocks the next user for an additional 10 seconds.
  • If user 3 joins - they now have to wait 20 seconds before they receive any data.

The only solution I have is to hardcode my API key to my users and have their site make the API calls with their unique IP address. However, revealing my API key is obviously not ideal.

Workarounds that would help me but currently don't exist:

• Batching solution for details endpoint, or an append_to_response for discover endpoint
  • This will reduce my requests per page per user from 525 to only 25.
• Some way to have a rate limit per user while having server side requests (my server only has 1 ip right now which means no matter how many users I have using it - I will always only be able to do 50 requests a second)
• Secure built-in solution to have my users make client-side requests - like Firebase
  • Instead of just leaking my API key, maybe have a client API key that is secure enough to give to my clients without security issues
  • Stripe and Firebase API do something similar.

I don't think theres any other solution / workaround so I'm going to proceed with giving my API key to my users. Posting mostly to inform and suggest future solutions that would need to be built. Thank you!