Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hold meeting to discuss "code yellow" options for throttling API traffic #4318

Closed
2 tasks
lbeaufort opened this issue Apr 21, 2020 · 2 comments
Closed
2 tasks

Hold meeting to discuss "code yellow" options for throttling API traffic #4318

lbeaufort opened this issue Apr 21, 2020 · 2 comments
Milestone
Sprint 13.6

Comments

@lbeaufort
Copy link
Member

lbeaufort commented Apr 21, 2020
edited by JonellaCulmer
Loading

User story: As an API user, I would like to retain my access to the API, so that I can continue to do my job.

See original "code red"/nuclear option #4301

For "code yellow" AKA allow power users access during emergency access restriction?

Pros

  • Fewer things to worry about in outage: not hearing from power users while trying to diagnose the problem
  • User-friendly: treats API users with same access privelige as front-end users

Cons

  • Maintenance: Introduces human error, somewhat tedious to maintain (can only add key ID’s, list is long, just a big string in env var). How will we keep it up to date?
  • Diagnostics: Make diagnostics a little harder - what if power user is causing issues? Less predictable (what if a media outlet for example has multiple keys and we only allowed one?)
    (edited for formatting)

Completion criteria:

  • Hold a meeting to discuss this option, document discussion (Must attend: Amy, Paul, Pat, Wei)
  • Determine whether this is appropriate for our needs
@JonellaCulmer JonellaCulmer added this to the Sprint 12.3 milestone Apr 21, 2020
@lbeaufort
Copy link
Member Author

lbeaufort commented Apr 27, 2020
edited
Loading

We could implement this with Roles so it's less cumbersome https://api-umbrella.readthedocs.io/en/latest/admin/api-backends/role-restrictions.html
https://github.com/18F/api.data.gov/wiki/User-Manual:-Agencies#defining-custom-settings-for-specific-urls-or-specific-types-of-requests
https://github.com/18F/api.data.gov/wiki/User-Manual:-Agencies#embedding-the-api-key-signup-form-on-your-own-documentation-site

@JonellaCulmer JonellaCulmer changed the title Research "code yellow" options for throttling API traffic Hold meeting to discuss "code yellow" options for throttling API traffic Apr 30, 2020
@JonellaCulmer JonellaCulmer modified the milestones: Sprint 12.3, Sprint 12.5 May 5, 2020
@JonellaCulmer JonellaCulmer modified the milestones: Sprint 12.5, Sprint 12.6 Jun 2, 2020
@lbeaufort lbeaufort modified the milestones: Sprint 12.6, Sprint 13.6 Jul 24, 2020
@patphongs
Copy link
Member

We've decided to no longer pursue this strategy. Closing this ticket.

@patphongs patphongs mentioned this issue Feb 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Sprint 13.6
Development

No branches or pull requests
3 participants
@patphongs @lbeaufort @JonellaCulmer