Open in app

Sign up

Sign in

Write

Sign up

Sign in

Home

Following

Library

Stories

Stats

codeburst

Bursts of code to power through your day. Web Development articles, tutorials, and news.

Follow publication

Rate Limiting API Endpoints in ASP.NET Core

Changhui Xu
codeburst
Published in
7 min readSep 20, 2019

This post shows (1) an ASP.NET Core Web API demo project which limits inbound HTTP requests from the internet and (2) an integration test project which tests the Web API rate limit using a TestServer and an HttpClient. One of the integration tests shows an example approach to send concurrent API requests using a Semaphore in order to comply with the rate limit in the Web API application.

The demo Web API application has an API end point, /api/values/isPrime?number={n}, which checks if an integer is a prime number or not. This Web API application utilizes the AspNetCoreRateLimit NuGet package to throttle the inbound HTTP requests with a rate limit of 2 requests per second. If the web server receives more than 2 HTTP requests per second, then the server denies extra requests and returns an HTTP status code 429 (Too Many Requests).

The integration test project employs the same setups as the Web API project and tests the controller action method. We can validate the effect of rate limiting when the API endpoint is hit by a high volume of requests. We can also see a simple way to comply with the rate limiting policy and throttle concurrent HTTP requests so that the utilization rate of the API endpoint is maximized.

The whole solution is located at this GitHub repository.

Table of Contents

Throttling Web API Endpoints in ASP.NET Core
Integration Tests of the Rate Limit Scenarios

We first create an ASP.NET Core Web API project, which contains one controller (ValuesController) with one action method (GetIsPrime(long number)) that accepts HTTP Get requests. This API endpoint takes an integer as a query parameter (?number={number}) and returns a Boolean value representing whether the number is a prime number or not. Now, let’s step into the rate limiting zone.

Throttling Web API Endpoints in ASP.NET Core

A web API endpoint is an interface for API consumers to interact with the server side application. Web API endpoints can provide data Extract, Transform, Load (ETL) services, cognition services, and other computing services. Through an API endpoint, our system can further facilitate data operations in other systems…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

codeburst
codeburst
Follow

Published in codeburst

105K Followers
Last published May 19, 2021

Bursts of code to power through your day. Web Development articles, tutorials, and news.

Follow
Changhui Xu
Changhui Xu
Follow

Written by Changhui Xu

1.4K Followers
43 Following

Lead Application Developer. MBA. I write blogs about .NET, Angular, JavaScript/TypeScript, Docker, AWS, DDD, and many others.

Follow

Responses (1)

Write a response

What are your thoughts?

Nghia Cao

Jun 2, 2020

It's actually a great approach. I'm thinking, do you have any way to realize repeated requests are from hacking purpose, then this middleware will auto add client ip to black list?

--

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech