The recent negative publicity for Snapchat's API is a real-life demonstration of what can go wrong when a few important things are overlooked. This episode offers an opportunity to remind ourselves about some aspects of security that API teams often overlook.
(Following from Tuesday's blog entry on API Scalability and Caching.)
Last time we wrote about 3 things to think about when planning how to scale your API.
- Rate limiting and threat protection
- Offloading expensive processing
and then talked about caching at length, so let's finish up with:
Rate Limiting and Threat Protection
Another aspect of scaling is just keeping unnecessary traffic away from your application servers and databases. Some of the techniques that we've discussed previously, such as rate limits and threat protection, apply here...