Summary
The MaveDB API does not currently enforce any rate limits. We should implement rate limiting to protect the service from abuse and ensure fair usage across all users.
Motivation
- Prevents individual users or scripts from overwhelming the API
- Protects service availability for all users
- Standard practice for public APIs
- Would allow us to document concrete limits in the API Quickstart docs
Suggested approach
- Implement per-IP or per-token rate limiting (e.g., X requests per minute)
- Return standard 429 Too Many Requests responses with Retry-After header when limits are exceeded
- Consider different limits for authenticated vs. unauthenticated requests
- Document the limits in the API docs once implemented
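A minimal sketch of the suggested approach, added here as an example and not MaveDB code: an in-memory token bucket keyed on the API token when one is present and on the client IP otherwise, answering 429 with Retry-After once the bucket is empty. The class name, the limits and the window are assumptions, since the issue leaves the actual numbers open.

```python
import math
import time
from dataclasses import dataclass

# Assumed placeholder limits; the issue only says "X requests per minute".
LIMITS = {"token": 120, "ip": 30}  # requests allowed per window
WINDOW_SECONDS = 60


@dataclass
class Bucket:
    tokens: float   # requests still available
    updated: float  # time of the last refill


class RateLimiter:
    """Token bucket per client; authenticated clients get a larger bucket."""

    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.buckets = {}  # in-process state only (one worker)

    def check(self, client_ip, api_token=None, now=None):
        """Return (status_code, headers) for one incoming request."""
        now = time.monotonic() if now is None else now
        # Key on the token when present so users behind one NAT address
        # are not throttled together; fall back to the source IP.
        kind, ident = ("token", api_token) if api_token else ("ip", client_ip)
        capacity = self.limits[kind]
        bucket = self.buckets.setdefault((kind, ident), Bucket(capacity, now))
        # Refill in proportion to elapsed time, never above capacity.
        elapsed = max(0.0, now - bucket.updated)
        bucket.tokens = min(capacity, bucket.tokens + elapsed * capacity / self.window)
        bucket.updated = now
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            return 200, {}
        # Empty bucket: report the seconds until one request is available.
        wait = math.ceil((1 - bucket.tokens) * self.window / capacity)
        return 429, {"Retry-After": str(wait)}
```

The state lives in one process, so a deployment with several API workers would need a shared store for the buckets to enforce a single limit per client.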