Accommodating Legitimate API Requests
Question
An API developer is improving application code to prevent DDoS attacks.
The solution needs to accommodate a large number of API requests that arrive for legitimate purposes from trustworthy services.
Which solution should be implemented?
Answers
Explanations
Correct answer: D.
The correct solution for preventing DDoS attacks while accommodating legitimate API requests from trustworthy services is to apply a limit to the number of requests in a given time interval for each API and, if the rate is exceeded, temporarily block access from the API key and return a 429 HTTP error code (see https://www.whoishostingthis.com/resources/http-status-codes/ for the status code definitions). This is option D.
DDoS attacks occur when a large number of requests are sent to a server or application, overwhelming its resources and making it unavailable to legitimate users. To prevent such attacks, it is essential to implement some form of rate limiting or throttling, which restricts the number of requests that can be made in a given time interval. A 429 status code tells a well-behaved client that it has sent too many requests and when it may retry.
In this scenario, the API developer needs to balance the need for security against the legitimate use of the API by trustworthy services. Therefore, simply restricting the number of requests based on a calculation of daily averages (option A) may not be effective since it does not account for spikes in traffic and could unfairly block access to legitimate users.
Similarly, increasing the limit of replies in a given interval for each API (option C) is not an effective solution, since it does not limit the number of requests made but only the number of replies. Also, blocking access from the API key permanently would be too harsh and would not allow any chance of recovery for a legitimate service that briefly exceeded the limit.
Option B, which involves implementing a REST API Security Essentials solution to automatically mitigate limit exhaustion, sounds promising, but it is not specific enough to provide a clear solution for the developer. Additionally, temporarily blocking access from the service and returning a 409 HTTP error code may unfairly affect legitimate users of the API, and 409 (Conflict) does not signal a rate-limit condition to the client.
Therefore, the best solution is to apply a limit to the number of requests in a given time interval for each API and, if the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code. This approach will effectively prevent DDoS attacks while allowing legitimate users to access the API at a reasonable rate, and the temporary block lets a trustworthy service recover once its burst subsides.
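The mechanism described in option D, as an added illustration that is not part of the original question or explanation: a per-API-key sliding-window rate limiter that returns 429 with a Retry-After header and temporarily blocks a key that exceeds its limit. The limit, window and block durations are constructed values chosen for the example, and the `check` method stands in for whatever request-handling hook a real framework would offer.

```python
"""Per-API-key rate limiter with temporary blocking and HTTP 429 responses.

Sliding-window counter: each API key may make at most LIMIT requests in any
WINDOW-second interval. Exceeding that blocks the key for BLOCK_SECONDS, and
every request during the block receives 429 with a Retry-After header.
Other keys are unaffected, so a legitimate high-volume service that stays
within its own limit keeps working while an abusive key is throttled.
"""
import time
from collections import deque

# Constructed values for the example; tune per API in a real deployment.
LIMIT = 5             # requests allowed per window
WINDOW = 10.0         # window length in seconds
BLOCK_SECONDS = 30.0  # temporary block after the limit is exceeded


class RateLimiter:
    def __init__(self, limit=LIMIT, window=WINDOW, block_seconds=BLOCK_SECONDS):
        self.limit = limit
        self.window = window
        self.block_seconds = block_seconds
        self._hits = {}           # api_key -> deque of request timestamps
        self._blocked_until = {}  # api_key -> time at which the block expires

    def check(self, api_key, now=None):
        """Decide one request. Returns (status_code, headers):
        200 when the request is allowed, 429 when it is rejected."""
        now = time.monotonic() if now is None else now

        # 1. Honour an existing temporary block for this key.
        until = self._blocked_until.get(api_key)
        if until is not None:
            if now < until:
                return 429, {"Retry-After": str(int(until - now) + 1)}
            # Block expired: forget it and start the key with a clean window.
            del self._blocked_until[api_key]
            self._hits.pop(api_key, None)

        # 2. Drop timestamps that have slid out of the window.
        hits = self._hits.setdefault(api_key, deque())
        while hits and now - hits[0] >= self.window:
            hits.popleft()

        # 3. Over the limit: block the key temporarily, not permanently.
        if len(hits) >= self.limit:
            self._blocked_until[api_key] = now + self.block_seconds
            hits.clear()
            return 429, {"Retry-After": str(int(self.block_seconds))}

        # 4. Within the limit: record the request and report the headroom.
        hits.append(now)
        return 200, {"X-RateLimit-Remaining": str(self.limit - len(hits))}


if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window=10, block_seconds=30)
    # Constructed sequence: key "svc-a" bursts past its limit, "svc-b" does not.
    for t, key in [(0, "svc-a"), (1, "svc-a"), (2, "svc-a"), (3, "svc-a"),
                   (3, "svc-b"), (10, "svc-a"), (33, "svc-a")]:
        print(t, key, limiter.check(key, now=t))
```

Because the block is keyed on the API key rather than the source address, a trustworthy service behind a shared NAT is not punished for someone else's burst, and because the block expires it recovers on its own, which is exactly the recovery that a permanent block would deny.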