Hacker News

Aurornis, last Sunday at 2:39 PM (2 replies)

> I understand that my popular service might bring your less popular one to a halt, but please configure it on your end so I know _programmatically_ what its capabilities are.

Quite entitled expectations for someone using a free and open service to underpin their project.

The requests were coming from distributed clients, not a central API gateway that could respond to rate limiting requests.

> I host no API without rate-limiting. Additionally, clearly listing usage limits might be a good idea.

Again, this wasn’t a central, well-behaved client hitting the API from a couple of IPs or with a known API key.

They calculate that per every 1 user of the wlive.place website, they were getting 1500 requests. This implies a lot of botting and scripting.

This is basically load testing the web site at DDoS scale.


Replies

zamadatix, last Sunday at 6:23 PM

> The requests were coming from distributed clients, not a central API gateway that could respond to rate limiting requests.

The block was done based on URL origin rather than client/token, so why wouldn't a rate limiter solution consider the same? For this case (a site which uses the API) it would work perfectly fine, especially since the bots don't even care about the information from this API, so non-site-based bots aren't even going to bother to pull the OpenFreeMap tiles.
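An added illustration of the origin-keyed rate limiting discussed in the comment above (not code from the thread or from OpenFreeMap): a token bucket shared by every visitor of one referring site, answering 429 with `Retry-After` once the site's budget is spent. The class name, header handling, and rate/burst values are assumptions made for this sketch.

```python
import math
import time
from urllib.parse import urlsplit


def origin_key(headers):
    """Return scheme://host from Origin, else from Referer, else None.

    `headers` is assumed to be a dict with lower-cased header names.
    """
    for name in ("origin", "referer"):
        try:
            parts = urlsplit(headers.get(name, ""))
        except ValueError:  # malformed client-supplied value
            continue
        if parts.scheme in ("http", "https") and parts.hostname:
            return f"{parts.scheme}://{parts.hostname}"
    return None


class OriginRateLimiter:
    """Token bucket per referring site, not per client IP or API key."""

    def __init__(self, rate_per_sec, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate_per_sec, burst, clock
        self.buckets = {}  # key -> (tokens, time of last update)

    def check(self, headers):
        """Return (status, response_headers) for one tile request."""
        # Requests without a usable origin all share one bucket.
        key = origin_key(headers) or "(no-origin)"
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.burst, now))
        # Refill for the elapsed time, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return 200, {}
        self.buckets[key] = (tokens, now)
        # Tell the client when one full token will be available again.
        retry = math.ceil((1 - tokens) / self.rate)
        return 429, {"Retry-After": str(retry)}
```

Origin and Referer are client-supplied, so this throttles browsers loading tiles through a given site; a client that omits or forges the header needs a separate control.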

ivanjermakov, last Sunday at 2:49 PM

Ugh, then I agree. This way it's indistinguishable from a DDoS attack.