Hello there,
I have a quick question for the community.
Within my application, I am allowing users to make API calls to third party APIs. I would like to have limits on the amount of API calls a user can perform per month.
Has anyone tackled this problem before / have a good idea of the best way to do it?
I would really appreciate any input / ideas!
Thank you
Ed
There are many ways to make this happen, but I’d go for limiting it on your API/Backend that you’re hitting and just displaying the info about consumption/remaining requests on the frontend via WeWeb. If you try to limit it via WeWeb, there will possibly be a way to bypass it.
Would be useful to know what backend you’re using.
Thanks so much for this!
I am using Xano as my backend but currently the API call is made directly from Lix as I was not sure how to set this up otherwise - is that a bad way to do it?
If you know anyone (or yourself) that could be interested in helping with this element of my project I would be keen to discuss a consulting arrangement!
But also, any other info is highly appreciated!
Thanks again
In general, anything you try to limit/protect on the client-side can be and if it’s worth it, then it will be bypassed or abused. By moving this logic to your backend such as calling the API via Xano (a.k.a your server-side) and then sending the data to WeWeb, you add an immense layer of security to your app, it’s not 100% but it’s 100% better than doing this logic on the front-end (WeWeb side). This is not a flaw of WeWeb itself, but of the nature of client-side/server-side.
Edit: A flow that I can immagine could work is calling Lix (I’ve got no clue what that is) via Xano, and then sending the data to WeWeb, this way you can limit the calls/apply any logic on Xano Side.
I have something like this set up in Xano.
I have a table called ‘limits’, where I record how many calls a user has made in a given time.
Then in the function stack of a request, I update the ‘limits’ table and add however many records have been retrieved in the current request.
I have a background process that resets the ‘limits’ table every minute.
You’ll want to have conditions in your Xano function stacks to ensure the user can only retrieve a certain amount of records depending on their current API usage.
It’s also worth noting Xano has a native API limit function, but it’s only available on the second pricing tier.
Great, thanks a lot guys - much appreciated!