draft-ietf-httpapi-ratelimit-headers-01.unpg.txt   draft-ietf-httpapi-ratelimit-headers-latest.txt 
HTTPAPI Working Group R. Polli HTTPAPI Working Group R. Polli
Internet-Draft Team Digitale, Italian Government Internet-Draft Team Digitale, Italian Government
Intended status: Standards Track A. Martinez Intended status: Standards Track A. Martinez
Expires: November 12, 2021 Red Hat Expires: April 19, 2022 Red Hat
May 11, 2021 October 16, 2021
RateLimit Header Fields for HTTP RateLimit Header Fields for HTTP
draft-ietf-httpapi-ratelimit-headers-01 draft-ietf-httpapi-ratelimit-headers-latest
Abstract Abstract
This document defines the RateLimit-Limit, RateLimit-Remaining, This document defines the RateLimit-Limit, RateLimit-Remaining,
RateLimit-Reset fields for HTTP, thus allowing servers to publish RateLimit-Reset fields for HTTP, thus allowing servers to publish
current service limits and clients to shape their request policy and current service limits and clients to shape their request policy and
avoid being throttled out. avoid being throttled out.
Note to Readers Note to Readers
_RFC EDITOR: please remove this section before publication_ _RFC EDITOR: please remove this section before publication_
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (httpapi@ietf.org), which is archived at mailing list (httpapi@ietf.org), which is archived at
https://lists.w3.org/Archives/Public/ietf-httpapi-wg/ [1]. https://mailarchive.ietf.org/arch/browse/httpapi/ [1].
The source code and issues list for this draft can be found at The source code and issues list for this draft can be found at
https://github.com/ietf-wg-httpapi/ratelimit-headers [2]. https://github.com/ietf-wg-httpapi/ratelimit-headers [2].
References to "ThisRFC" in the IANA Considerations section would be
replaced with the RFC number when assigned.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 12, 2021. This Internet-Draft will expire on April 19, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Rate-limiting and quotas 1.1. Rate-limiting and quotas . . . . . . . . . . . . . . . . 3
1.2. Current landscape of rate-limiting headers 1.2. Current landscape of rate-limiting headers . . . . . . . 4
1.2.1. Interoperability issues 1.2.1. Interoperability issues . . . . . . . . . . . . . . . 4
1.3. This proposal 1.3. This proposal . . . . . . . . . . . . . . . . . . . . . . 5
1.4. Goals 1.4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.5. Notational Conventions 1.5. Notational Conventions . . . . . . . . . . . . . . . . . 6
2. Expressing rate-limit policies 2. Expressing rate-limit policies . . . . . . . . . . . . . . . 6
2.1. Time window 2.1. Time window . . . . . . . . . . . . . . . . . . . . . . . 6
2.2. Service limit 2.2. Service limit . . . . . . . . . . . . . . . . . . . . . . 7
2.3. Quota policy 2.3. Quota policy . . . . . . . . . . . . . . . . . . . . . . 7
3. Header Specifications 3. Header Specifications . . . . . . . . . . . . . . . . . . . . 8
3.1. RateLimit-Limit 3.1. RateLimit-Limit . . . . . . . . . . . . . . . . . . . . . 8
3.2. RateLimit-Remaining 3.2. RateLimit-Remaining . . . . . . . . . . . . . . . . . . . 9
3.3. RateLimit-Reset 3.3. RateLimit-Reset . . . . . . . . . . . . . . . . . . . . . 10
4. Providing RateLimit fields 4. Providing RateLimit fields . . . . . . . . . . . . . . . . . 10
4.1. Performance considerations 4.1. Performance considerations . . . . . . . . . . . . . . . 12
5. Intermediaries 5. Intermediaries . . . . . . . . . . . . . . . . . . . . . . . 12
6. Caching 6. Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7. Receiving RateLimit fields 7. Receiving RateLimit fields . . . . . . . . . . . . . . . . . 13
8. Examples 8. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Unparameterized responses 8.1. Unparameterized responses . . . . . . . . . . . . . . . . 14
8.1.1. Throttling information in responses 8.1.1. Throttling information in responses . . . . . . . . . 14
8.1.2. Use in conjunction with custom fields 8.1.2. Use in conjunction with custom fields . . . . . . . . 15
8.1.3. Use for limiting concurrency 8.1.3. Use for limiting concurrency . . . . . . . . . . . . 16
8.1.4. Use in throttled responses 8.1.4. Use in throttled responses . . . . . . . . . . . . . 17
8.2. Parameterized responses 8.2. Parameterized responses . . . . . . . . . . . . . . . . . 17
8.2.1. Throttling window specified via parameter 8.2.1. Throttling window specified via parameter . . . . . . 17
8.2.2. Dynamic limits with parameterized windows 8.2.2. Dynamic limits with parameterized windows . . . . . . 18
8.2.3. Dynamic limits for pushing back and slowing down 8.2.3. Dynamic limits for pushing back and slowing down . . 18
8.3. Dynamic limits for pushing back with Retry-After and slow 8.3. Dynamic limits for pushing back with Retry-After and slow
down down . . . . . . . . . . . . . . . . . . . . . . . . . . 19
8.3.1. Missing Remaining information 8.3.1. Missing Remaining information . . . . . . . . . . . . 20
8.3.2. Use with multiple windows 8.3.2. Use with multiple windows . . . . . . . . . . . . . . 21
9. Security Considerations 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22
9.1. Throttling does not prevent clients from issuing requests 9.1. Throttling does not prevent clients from issuing requests 22
9.2. Information disclosure 9.2. Information disclosure . . . . . . . . . . . . . . . . . 22
9.3. Remaining quota-units are not granted requests 9.3. Remaining quota-units are not granted requests . . . . . 22
9.4. Reliability of RateLimit-Reset 9.4. Reliability of RateLimit-Reset . . . . . . . . . . . . . 22
9.5. Resource exhaustion 9.5. Resource exhaustion . . . . . . . . . . . . . . . . . . . 23
9.6. Denial of Service 9.6. Denial of Service . . . . . . . . . . . . . . . . . . . . 23
10. IANA Considerations 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
10.1. RateLimit-Limit Field Registration 10.1. RateLimit Parameters Registration . . . . . . . . . . . 24
10.2. RateLimit-Remaining Field Registration 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 25
10.3. RateLimit-Reset Field Registration 11.1. Normative References . . . . . . . . . . . . . . . . . . 25
11. References 11.2. Informative References . . . . . . . . . . . . . . . . . 26
11.1. Normative References 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 26
11.2. Informative References Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 27
11.3. URIs Appendix B. FAQ . . . . . . . . . . . . . . . . . . . . . . . . 27
Appendix A. Acknowledgements RateLimit fields currently used on the web . . . . . . . . . . . 30
Appendix B. FAQ Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
RateLimit fields currently used on the web D.1. Since draft-ietf-httpapi-ratelimit-headers-00 . . . . . . 31
Changes Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31
D.1. Since draft-ietf-httpapi-ratelimit-headers-00
Authors' Addresses
1. Introduction 1. Introduction
The widespreading of HTTP as a distributed computation protocol The widespreading of HTTP as a distributed computation protocol
requires an explicit way of communicating service status and usage requires an explicit way of communicating service status and usage
quotas. quotas.
This was partially addressed by the "Retry-After" header field This was partially addressed by the "Retry-After" header field
defined in [SEMANTICS] to be returned in "429 Too Many Requests" (see defined in [SEMANTICS] to be returned in "429 Too Many Requests" (see
[STATUS429]) or "503 Service Unavailable" responses. [STATUS429]) or "503 Service Unavailable" responses.
Still, there is not a standard way to communicate service quotas so Still, there is not a standard way to communicate service quotas so
that the client can throttle its requests and prevent 4xx or 5xx that the client can throttle its requests and prevent 4xx or 5xx
responses. responses.
1.1. Rate-limiting and quotas 1.1. Rate-limiting and quotas
Servers use quota mechanisms to avoid systems overload, to ensure an Servers use quota mechanisms to avoid systems overload, to ensure an
equitable distribution of computational resources or to enforce other equitable distribution of computational resources or to enforce other
policies - eg. monetization. policies - e.g. monetization.
A basic quota mechanism limits the number of acceptable requests in a A basic quota mechanism limits the number of acceptable requests in a
given time window, eg. 10 requests per second. given time window, e.g. 10 requests per second.
When quota is exceeded, servers usually do not serve the request When quota is exceeded, servers usually do not serve the request
replying instead with a "4xx" HTTP status code (eg. 429 or 403) or replying instead with a "4xx" HTTP status code (e.g. 429 or 403) or
adopt more aggressive policies like dropping connections. adopt more aggressive policies like dropping connections.
Quotas may be enforced on different basis (eg. per user, per IP, per Quotas may be enforced on different basis (e.g. per user, per IP, per
geographic area, ..) and at different levels. For example, an user geographic area, ..) and at different levels. For example, an user
may be allowed to issue: may be allowed to issue:
o 10 requests per second; o 10 requests per second;
o limited to 60 request per minute; o limited to 60 requests per minute;
o limited to 1000 request per hour. o limited to 1000 requests per hour.
Moreover system metrics, statistics and heuristics can be used to Moreover system metrics, statistics and heuristics can be used to
implement more complex policies, where the number of acceptable implement more complex policies, where the number of acceptable
request and the time window are computed dynamically. requests and the time window are computed dynamically.
1.2. Current landscape of rate-limiting headers 1.2. Current landscape of rate-limiting headers
To help clients throttling their requests, servers may expose the To help clients throttling their requests, servers may expose the
counters used to evaluate quota policies via HTTP header fields. counters used to evaluate quota policies via HTTP header fields.
Those response headers may be added by HTTP intermediaries such as Those response headers may be added by HTTP intermediaries such as
API gateways and reverse proxies. API gateways and reverse proxies.
On the web we can find many different rate-limit headers, usually On the web we can find many different rate-limit headers, usually
skipping to change at line 220 skipping to change at page 5, line 34
seconds" notation of "Retry-After". seconds" notation of "Retry-After".
The fields definition allows to describe complex policies, including The fields definition allows to describe complex policies, including
the ones using multiple and variable time windows and dynamic quotas, the ones using multiple and variable time windows and dynamic quotas,
or implementing concurrency limits. or implementing concurrency limits.
1.4. Goals 1.4. Goals
The goals of this proposal are: The goals of this proposal are:
1. Standardizing the names and semantics of rate-limit headers to Interoperability: Standardization of the names and semantics of
ease their enforcement and adoption; rate-limit headers to ease their enforcement and adoption;
2. Improve resiliency of HTTP infrastructure by providing clients Resiliency: Improve resiliency of HTTP infrastructure by providing
with information useful to throttle their requests and prevent clients with information useful to throttle their requests and
4xx or 5xx responses; prevent 4xx or 5xx responses;
3. Simplify API documentation by eliminating the need to include Documentation: Simplify API documentation by eliminating the need to
detailed quota limits and related header fields in API include detailed quota limits and related header fields in API
documentation. documentation.
The goals do not include: The goals do not include:
Authorization: The rate-limit fields described here are not meant to Authorization: The rate-limit fields described here are not meant to
support authorization or other kinds of access controls. support authorization or other kinds of access controls.
Throttling scope: This specification does not cover the throttling Throttling scope: This specification does not cover the throttling
scope, that may be the given resource-target, its parent path or scope, that may be the given resource-target, its parent path or
the whole Origin (see Section 7 of [RFC6454]). the whole Origin (see Section 7 of [RFC6454]).
skipping to change at line 270 skipping to change at page 6, line 35
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
This document uses the Augmented BNF defined in [RFC5234] and updated This document uses the Augmented BNF defined in [RFC5234] and updated
by [RFC7405] along with the "#rule" extension defined in by [RFC7405] along with the "#rule" extension defined in
Section 5.6.1 of [SEMANTICS]. Section 5.6.1 of [SEMANTICS].
The term Origin is to be interpreted as described in Section 7 of The term Origin is to be interpreted as described in Section 7 of
[RFC6454]. [RFC6454].
The "delay-seconds" rule is defined in Section 10.2.4 of [SEMANTICS]. This specification uses Structured Fields [SF] to specify syntax.
The terms sf-list, sf-item, sf-string, sf-token, sf-integer, bare-
item and key refer to the structured types defined therein.
2. Expressing rate-limit policies 2. Expressing rate-limit policies
2.1. Time window 2.1. Time window
Rate limit policies limit the number of acceptable requests in a Rate limit policies limit the number of acceptable requests in a
given time window. given time window.
A time window is expressed in seconds, using the following syntax: A time window is expressed in seconds, using the following syntax:
time-window = delay-seconds time-window = delay-seconds
delay-seconds = sf-integer
Where "delay-seconds" is a non-negative sf-integer compatible with
the "delay-seconds" rule defined in Section 10.2.3 of [SEMANTICS].
Subsecond precision is not supported. Subsecond precision is not supported.
2.2. Service limit 2.2. Service limit
The service-limit is a value associated to the maximum number of The service-limit is a value associated to the maximum number of
requests that the server is willing to accept from one or more requests that the server is willing to accept from one or more
clients on a given basis (originating IP, authenticated user, clients on a given basis (originating IP, authenticated user,
geographical, ..) during a "time-window" as defined in Section 2.1. geographical, ..) during a "time-window" as defined in Section 2.1.
The "service-limit" is expressed in "quota-units" and has the The "service-limit" is expressed in "quota-units" and has the
following syntax: following syntax:
service-limit = quota-units service-limit = quota-units
quota-units = 1*DIGIT quota-units = sf-integer
where quota-units is a non-negative sf-integer.
The "service-limit" SHOULD match the maximum number of acceptable The "service-limit" SHOULD match the maximum number of acceptable
requests. requests.
The "service-limit" MAY differ from the total number of acceptable The "service-limit" MAY differ from the total number of acceptable
requests when weight mechanisms, bursts, or other server policies are requests when weight mechanisms, bursts, or other server policies are
implemented. implemented.
If the "service-limit" does not match the maximum number of If the "service-limit" does not match the maximum number of
acceptable requests the relation with that SHOULD be communicated acceptable requests the relation with that SHOULD be communicated
out-of-band. out-of-band.
Example: A server could Example: A server could
o count once requests like "/books/{id}" o count once requests like "/books/{id}"
o count twice search requests like "/books?author=Camilleri" o count twice search requests like "/books?author=WuMing"
so that we have the following counters so that we have the following counters
GET /books/123 ; service-limit=4, remaining: 3, status=200 GET /books/123 ; service-limit=4, remaining: 3, status=200
GET /books?author=Camilleri ; service-limit=4, remaining: 1, status=200 GET /books?author=WuMing ; service-limit=4, remaining: 1, status=200
GET /books?author=Eco ; service-limit=4, remaining: 0, status=429 GET /books?author=Eco ; service-limit=4, remaining: 0, status=429
2.3. Quota policy 2.3. Quota policy
This specification allows describing a quota policy with the This specification allows describing a quota policy with the
following syntax: following syntax:
quota-policy = service-limit; "w" "=" time-window quota-policy = sf-item
*( OWS ";" OWS quota-comment)
quota-comment = token "=" (token / quoted-string)
quota-policy parameters like "w" and quota-comment tokens MUST NOT where the associated bare-item is a service-limit and parameters are
occur multiple times within the same quota-policy. supported.
The following parameters are defined:
w: The "w" parameter specifies a time window. Its syntax is a "time-
window" defined in Section 2.1.
Other parameters are allowed and can be regarded as comments. They
ought to be registered within the "Hypertext Transfer Protocol (HTTP)
RateLimit Parameters Registry", as described in Section 10.1.
An example policy of 100 quota-units per minute. An example policy of 100 quota-units per minute.
100;w=60 100;w=60
The definition of a quota-policy does not imply any specific The definition of a quota-policy does not imply any specific
distribution of quota-units over time. Such service specific details distribution of quota-units over time. Such service specific details
can be conveyed in the "quota-comments". can be conveyed as parameters.
Two examples of providing further details via custom parameters in Two examples of providing further details via custom parameters
"quota-comments".
100;w=60;comment="fixed window" 100;w=60;comment="fixed window"
12;w=1;burst=1000;policy="leaky bucket" 12;w=1;burst=1000;policy="leaky bucket"
3. Header Specifications 3. Header Specifications
The following "RateLimit" response fields are defined The following "RateLimit" response fields are defined
3.1. RateLimit-Limit 3.1. RateLimit-Limit
The "RateLimit-Limit" response field indicates the "service-limit" The "RateLimit-Limit" response field indicates the "service-limit"
associated to the client in the current "time-window". associated to the client in the current "time-window".
If the client exceeds that limit, it MAY not be served. If the client exceeds that limit, it MAY not be served.
The field value is The field is a List Structured Field of positive length. The first
member is named "expiring-limit" and its syntax is "service-limit",
while the syntax of the other optional members is "quota-policy"
RateLimit-Limit = expiring-limit [, 1#quota-policy ] RateLimit-Limit = sf-list
expiring-limit = service-limit
The "expiring-limit" value MUST be set to the "service-limit" that is The "expiring-limit" value MUST be set to the "service-limit" that is
closer to reach its limit. closer to reach its limit.
The "quota-policy" is defined in Section 2.3, and its values are The "quota-policy" is defined in Section 2.3, and its values are
informative. informative.
RateLimit-Limit: 100 RateLimit-Limit: 100
A "time-window" associated to "expiring-limit" can be communicated A "time-window" associated to "expiring-limit" can be communicated
skipping to change at line 383 skipping to change at page 9, line 22
example example
RateLimit-Limit: 100, 100;w=10 RateLimit-Limit: 100, 100;w=10
If the "expiring-limit" is not associated to a "time-window", the If the "expiring-limit" is not associated to a "time-window", the
"time-window" MUST either be: "time-window" MUST either be:
o inferred by the value of "RateLimit-Reset" at the moment of the o inferred by the value of "RateLimit-Reset" at the moment of the
reset, or reset, or
o communicated out-of-band (eg. in the documentation). o communicated out-of-band (e.g. in the documentation).
Policies using multiple quota limits MAY be returned using multiple Policies using multiple quota limits MAY be returned using multiple
"quota-policy" items, like shown in the following two examples: "quota-policy" items, like shown in the following two examples:
RateLimit-Limit: 10, 10;w=1, 50;w=60, 1000;w=3600, 5000;w=86400 RateLimit-Limit: 10, 10;w=1, 50;w=60, 1000;w=3600, 5000;w=86400
RateLimit-Limit: 10, 10;w=1;burst=1000, 1000;w=3600 RateLimit-Limit: 10, 10;w=1;burst=1000, 1000;w=3600
This field MUST NOT occur multiple times and can be sent in a trailer This field MUST NOT occur multiple times and can be sent in a trailer
section. section.
3.2. RateLimit-Remaining 3.2. RateLimit-Remaining
The "RateLimit-Remaining" response field indicates the remaining The "RateLimit-Remaining" response field indicates the remaining
"quota-units" defined in Section 2.2 associated to the client. "quota-units" defined in Section 2.2 associated to the client.
The field value is The field is an Integer Structured Field and its value is
RateLimit-Remaining = quota-units RateLimit-Remaining = quota-units
This field MUST NOT occur multiple times and can be sent in a trailer This field MUST NOT occur multiple times and can be sent in a trailer
section. section.
Clients MUST NOT assume that a positive "RateLimit-Remaining" value Clients MUST NOT assume that a positive "RateLimit-Remaining" value
is a guarantee that further requests will be served. is a guarantee that further requests will be served.
A low "RateLimit-Remaining" value is like a yellow traffic-light for A low "RateLimit-Remaining" value is like a yellow traffic-light for
skipping to change at line 424 skipping to change at page 10, line 15
One example of "RateLimit-Remaining" use is below. One example of "RateLimit-Remaining" use is below.
RateLimit-Remaining: 50 RateLimit-Remaining: 50
3.3. RateLimit-Reset 3.3. RateLimit-Reset
The "RateLimit-Reset" response field indicates either The "RateLimit-Reset" response field indicates either
o the number of seconds until the quota resets. o the number of seconds until the quota resets.
The field value is The field is an Integer Structured Field and its value is
RateLimit-Reset = delay-seconds RateLimit-Reset = delay-seconds
The delay-seconds format is used because: The delay-seconds format is used because:
o it does not rely on clock synchronization and is resilient to o it does not rely on clock synchronization and is resilient to
clock adjustment and clock skew between client and server (see clock adjustment and clock skew between client and server (see
Section 5.6.7 of [SEMANTICS]); Section 5.6.7 of [SEMANTICS]);
o it mitigates the risk related to thundering herd when too many o it mitigates the risk related to thundering herd when too many
skipping to change at line 447 skipping to change at page 10, line 38
This field MUST NOT occur multiple times and can be sent in a trailer This field MUST NOT occur multiple times and can be sent in a trailer
section. section.
An example of "RateLimit-Reset" use is below. An example of "RateLimit-Reset" use is below.
RateLimit-Reset: 50 RateLimit-Reset: 50
The client MUST NOT assume that all its "service-limit" will be The client MUST NOT assume that all its "service-limit" will be
restored after the moment referenced by "RateLimit-Reset". The restored after the moment referenced by "RateLimit-Reset". The
server MAY arbitrarily alter the "RateLimit-Reset" value between server MAY arbitrarily alter the "RateLimit-Reset" value between
subsequent requests eg. in case of resource saturation or to subsequent requests e.g. in case of resource saturation or to
implement sliding window policies. implement sliding window policies.
4. Providing RateLimit fields 4. Providing RateLimit fields
A server MAY use one or more "RateLimit" response fields defined in A server MAY use one or more "RateLimit" response fields defined in
this document to communicate its quota policies. this document to communicate its quota policies.
The returned values refers to the metrics used to evaluate if the The returned values refers to the metrics used to evaluate if the
current request respects the quota policy and MAY not apply to current request respects the quota policy and MAY not apply to
subsequent requests. subsequent requests.
skipping to change at line 460 skipping to change at page 11, line 4
4. Providing RateLimit fields 4. Providing RateLimit fields
A server MAY use one or more "RateLimit" response fields defined in A server MAY use one or more "RateLimit" response fields defined in
this document to communicate its quota policies. this document to communicate its quota policies.
The returned values refers to the metrics used to evaluate if the The returned values refers to the metrics used to evaluate if the
current request respects the quota policy and MAY not apply to current request respects the quota policy and MAY not apply to
subsequent requests. subsequent requests.
Example: a successful response with the following fields Example: a successful response with the following fields
RateLimit-Limit: 10 RateLimit-Limit: 10
RateLimit-Remaining: 1 RateLimit-Remaining: 1
RateLimit-Reset: 7 RateLimit-Reset: 7
does not guarantee that the next request will be successful. Server does not guarantee that the next request will be successful. Server
metrics may be subject to other conditions like the one shown in the metrics may be subject to other conditions like the one shown in the
example from Section 2.2. example from Section 2.2.
A server MAY return "RateLimit" response fields independently of the A server MAY return "RateLimit" response fields independently of the
response status code. This includes throttled responses. response status code. This includes throttled responses.
This document does not mandate any correlation between the This document does not mandate any correlation between the
"RateLimit" values and the returned status code. "RateLimit" values and the returned status code.
Servers should be careful in returning "RateLimit" fields in Servers should be careful in returning "RateLimit" fields in
redirection responses (eg. 3xx status codes) because a low redirection responses (e.g. 3xx status codes) because a low
"RateLimit-Remaining" value could limit the client from issuing "RateLimit-Remaining" value could limit the client from issuing
requests. For example, given the rate limiting fields below, a requests. For example, given the rate limiting fields below, a
client could decide to wait 10 seconds before following the client could decide to wait 10 seconds before following the
"Location" header, because "RateLimit-Remaining" is 0. "Location" header, because "RateLimit-Remaining" is 0.
HTTP/1.1 301 Moved Permanently HTTP/1.1 301 Moved Permanently
Location: /foo/123 Location: /foo/123
RateLimit-Remaining: 0 RateLimit-Remaining: 0
RateLimit-Limit: 10 RateLimit-Limit: 10
RateLimit-Reset: 10 RateLimit-Reset: 10
skipping to change at line 503 skipping to change at page 11, line 46
MUST reply with the "RateLimit" fields related to the window with the MUST reply with the "RateLimit" fields related to the window with the
lower "RateLimit-Remaining" values. lower "RateLimit-Remaining" values.
A service returning "RateLimit" fields MUST NOT convey values A service returning "RateLimit" fields MUST NOT convey values
exposing an unwanted volume of requests and SHOULD implement exposing an unwanted volume of requests and SHOULD implement
mechanisms to cap the ratio between "RateLimit-Remaining" and mechanisms to cap the ratio between "RateLimit-Remaining" and
"RateLimit-Reset" (see Section 9.5); this is especially important "RateLimit-Reset" (see Section 9.5); this is especially important
when quota-policies use a large "time-window". when quota-policies use a large "time-window".
Under certain conditions, a server MAY artificially lower "RateLimit" Under certain conditions, a server MAY artificially lower "RateLimit"
field values between subsequent requests, eg. to respond to Denial of field values between subsequent requests, e.g. to respond to Denial
Service attacks or in case of resource saturation. of Service attacks or in case of resource saturation.
Servers usually establish whether the request is in-quota before Servers usually establish whether the request is in-quota before
creating a response, so the RateLimit field values should be already creating a response, so the RateLimit field values should be already
available in that moment. Nonetheless servers MAY decide to send the available in that moment. Nonetheless servers MAY decide to send the
"RateLimit" fields in a trailer section. "RateLimit" fields in a trailer section.
4.1. Performance considerations 4.1. Performance considerations
Servers are not required to return "RateLimit" fields in every Servers are not required to return "RateLimit" fields in every
response, and clients need to take this into account. For example, response, and clients need to take this into account. For example,
an implementer concerned with performance might provide "RateLimit" an implementer concerned with performance might provide "RateLimit"
fields only when a given quota is going to expire. fields only when a given quota is going to expire.
Implementers concerned with response fields' size, might take into Implementers concerned with response fields' size, might take into
account their ratio with respect to the payload data, or use header- account their ratio with respect to the payload data, or use header-
compression http features such as [HPACK]. compression http features such as [HPACK].
5. Intermediaries 5. Intermediaries
This section documents the considerations advised in Section 16.3.3 This section documents the considerations advised in Section 16.3.2
of [SEMANTICS]. of [SEMANTICS].
An intermediary that is not part of the originating service An intermediary that is not part of the originating service
infrastructure and is not aware of the quota-policy semantic used by infrastructure and is not aware of the quota-policy semantic used by
the Origin Server SHOULD NOT alter the RateLimit fields' values in the Origin Server SHOULD NOT alter the RateLimit fields' values in
such a way as to communicate a more permissive quota-policy; this such a way as to communicate a more permissive quota-policy; this
includes removing the RateLimit fields. includes removing the RateLimit fields.
An intermediary MAY alter the RateLimit fields in such a way as to An intermediary MAY alter the RateLimit fields in such a way as to
communicate a more restrictive quota-policy when: communicate a more restrictive quota-policy when:
skipping to change at line 584 skipping to change at page 13, line 37
Malformed "RateLimit" fields MAY be ignored. Malformed "RateLimit" fields MAY be ignored.
A client SHOULD NOT exceed the "quota-units" expressed in "RateLimit- A client SHOULD NOT exceed the "quota-units" expressed in "RateLimit-
Remaining" before the "time-window" expressed in "RateLimit-Reset". Remaining" before the "time-window" expressed in "RateLimit-Reset".
A client MAY still probe the server if the "RateLimit-Reset" is A client MAY still probe the server if the "RateLimit-Reset" is
considered too high. considered too high.
The value of "RateLimit-Reset" is generated at response time: a The value of "RateLimit-Reset" is generated at response time: a
client aware of a significant network latency MAY behave accordingly client aware of a significant network latency MAY behave accordingly
and use other information (eg. the "Date" response header field, or and use other information (e.g. the "Date" response header field, or
otherwise gathered metrics) to better estimate the "RateLimit-Reset" otherwise gathered metrics) to better estimate the "RateLimit-Reset"
moment intended by the server. moment intended by the server.
The "quota-policy" values and comments provided in "RateLimit-Limit" The "quota-policy" values and comments provided in "RateLimit-Limit"
are informative and MAY be ignored. are informative and MAY be ignored.
If a response contains both the "RateLimit-Reset" and "Retry-After" If a response contains both the "RateLimit-Reset" and "Retry-After"
fields, "Retry-After" MUST take precedence and "RateLimit-Reset" MAY fields, "Retry-After" MUST take precedence and "RateLimit-Reset" MAY
be ignored. be ignored.
This specification does not mandate a specific throttling behavior This specification does not mandate a specific throttling behavior
and implementers can adopt their preferred policies, including: and implementers can adopt their preferred policies, including:
o slowing down or preemptively backoff their request rate when o slowing down or preemptively back-off their request rate when
approaching quota limits; approaching quota limits;
o consuming all the quota according to the exposed limits and then o consuming all the quota according to the exposed limits and then
wait. wait.
8. Examples 8. Examples
8.1. Unparameterized responses 8.1. Unparameterized responses
8.1.1. Throttling information in responses 8.1.1. Throttling information in responses
skipping to change at line 857 skipping to change at page 19, line 33
"status": 429, "status": 429,
"detail": "Wait 20 seconds, then slow down!" "detail": "Wait 20 seconds, then slow down!"
} }
8.3. Dynamic limits for pushing back with Retry-After and slow down 8.3. Dynamic limits for pushing back with Retry-After and slow down
Alternatively, given the same context where the previous example Alternatively, given the same context where the previous example
starts, we can convey the same information to the client via "Retry- starts, we can convey the same information to the client via "Retry-
After", with the advantage that the server can now specify the After", with the advantage that the server can now specify the
policy's nominal limit and window that will apply after the reset, policy's nominal limit and window that will apply after the reset,
ie. assuming the resource exhaustion is likely to be gone by then, so e.g. assuming the resource exhaustion is likely to be gone by then,
the advertised policy does not need to be adjusted, yet we managed to so the advertised policy does not need to be adjusted, yet we managed
stop requests for a while and slow down the rest of the current to stop requests for a while and slow down the rest of the current
window. window.
Request: Request:
GET /items/123 HTTP/1.1 GET /items/123 HTTP/1.1
Host: api.example Host: api.example
Response: Response:
HTTP/1.1 429 Too Many Requests HTTP/1.1 429 Too Many Requests
skipping to change at line 890 skipping to change at page 20, line 26
Note that in this last response the client is expected to honor Note that in this last response the client is expected to honor
"Retry-After" and perform no requests for the specified amount of "Retry-After" and perform no requests for the specified amount of
time, whereas the previous example would not force the client to stop time, whereas the previous example would not force the client to stop
requests before the reset time is elapsed, as it would still be free requests before the reset time is elapsed, as it would still be free
to query again the server even if it is likely to have the request to query again the server even if it is likely to have the request
rejected. rejected.
8.3.1. Missing Remaining information 8.3.1. Missing Remaining information
The server does not expose "RateLimit-Remaining" values, but resets The server does not expose "RateLimit-Remaining" values (for example,
the limit counter every second. because the underlying counters are not available). Instead, it
resets the limit counter every second.
It communicates to the client the limit of 10 quota-units per second It communicates to the client the limit of 10 quota-units per second
always returning the couple "RateLimit-Limit" and "RateLimit-Reset". always returning the couple "RateLimit-Limit" and "RateLimit-Reset".
Request: Request:
GET /items/123 HTTP/1.1 GET /items/123 HTTP/1.1
Host: api.example Host: api.example
Response: Response:
skipping to change at line 1064 skipping to change at page 24, line 14
o passed by a misconfigured server; o passed by a misconfigured server;
or an high "RateLimit-Reset" value could inhibit clients to contact or an high "RateLimit-Reset" value could inhibit clients to contact
the server. the server.
Clients MUST validate the received values to mitigate those risks. Clients MUST validate the received values to mitigate those risks.
10. IANA Considerations 10. IANA Considerations
10.1. RateLimit-Limit Field Registration IANA is requested to update one registry and create one new registry.
This section registers the "RateLimit-Limit" field in the "Hypertext
Transfer Protocol (HTTP) Field Name Registry" registry ([SEMANTICS]).
Field name: "RateLimit-Limit"
Status: permanent Please add the following entries to the "Hypertext Transfer Protocol
(HTTP) Field Name Registry" registry ([SEMANTICS]):
Specification document(s): Section 3.1 of this document +---------------------+-----------+------------------------+
| Field Name | Status | Specification |
+---------------------+-----------+------------------------+
| RateLimit-Limit | permanent | Section 3.1 of ThisRFC |
| RateLimit-Remaining | permanent | Section 3.2 of ThisRFC |
| RateLimit-Reset | permanent | Section 3.3 of ThisRFC |
+---------------------+-----------+------------------------+
10.2. RateLimit-Remaining Field Registration 10.1. RateLimit Parameters Registration
This section registers the "RateLimit-Remaining" field in the IANA is requested to create a new registry to be called "Hypertext
"Hypertext Transfer Protocol (HTTP) Field Name Registry" registry Transfer Protocol (HTTP) RateLimit Parameters Registry", to be
([SEMANTICS]). located at https://www.iana.org/assignments/http-ratelimit-parameters
[3]. Registration is done on the advice of a Designated Expert,
appointed by the IESG or their delegate. All entries are
Specification Required ([IANA], Section 4.6).
Field name: "RateLimit-Remaining" Registration requests consist of the following information:
Status: permanent o Parameter name: The parameter name, conforming to [SF].
Specification document(s): Section 3.2 of this document o Field name: The RateLimit field for which the parameter is
registered. If a parameter is intended to be used with multiple
fields, it has to be registered for each one.
10.3. RateLimit-Reset Field Registration o Description: A brief description of the parameter.
This section registers the "RateLimit-Reset" field in the "Hypertext o Specification document: A reference to the document that specifies
Transfer Protocol (HTTP) Field Name Registry" registry ([SEMANTICS]). the parameter, preferably including a URI that can be used to
retrieve a copy of the document.
Field name: "RateLimit-Reset" o Comments (optional): Any additional information that can be
useful.
Status: permanent The initial contents of this registry should be:
Specification document(s): Section 3.3 of this document +---------------+----------+------------+--------------+------------+
| Field Name | Paramete | Descriptio | Specificatio | Comments |
| | r name | n | n | (optional) |
+---------------+----------+------------+--------------+------------+
| RateLimit- | w | Time | Section 2.3 | |
| Limit | | window | of ThisRFC | |
+---------------+----------+------------+--------------+------------+
11. References 11. References
11.1. Normative References 11.1. Normative References
[IANA] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
skipping to change at line 1126 skipping to change at page 25, line 48
[RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF", [RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF",
RFC 7405, DOI 10.17487/RFC7405, December 2014, RFC 7405, DOI 10.17487/RFC7405, December 2014,
<https://www.rfc-editor.org/info/rfc7405>. <https://www.rfc-editor.org/info/rfc7405>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[SEMANTICS] [SEMANTICS]
Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
Semantics", draft-ietf-httpbis-semantics-15 (work in Semantics", draft-ietf-httpbis-semantics-19 (work in
progress), March 2021. progress), September 2021.
[SF] Nottingham, M. and P-H. Kamp, "Structured Field Values for
HTTP", RFC 8941, DOI 10.17487/RFC8941, February 2021,
<https://www.rfc-editor.org/info/rfc8941>.
11.2. Informative References 11.2. Informative References
[HPACK] Peon, R. and H. Ruellan, "HPACK: Header Compression for [HPACK] Peon, R. and H. Ruellan, "HPACK: Header Compression for
HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015,
<https://www.rfc-editor.org/info/rfc7541>. <https://www.rfc-editor.org/info/rfc7541>.
[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
<https://www.rfc-editor.org/info/rfc3339>. <https://www.rfc-editor.org/info/rfc3339>.
skipping to change at line 1159 skipping to change at page 26, line 39
Stewart, R., Tuexen, M., and P. Lei, "Stream Control Stewart, R., Tuexen, M., and P. Lei, "Stream Control
Transmission Protocol (SCTP) Stream Reconfiguration", Transmission Protocol (SCTP) Stream Reconfiguration",
RFC 6525, DOI 10.17487/RFC6525, February 2012, RFC 6525, DOI 10.17487/RFC6525, February 2012,
<https://www.rfc-editor.org/info/rfc6525>. <https://www.rfc-editor.org/info/rfc6525>.
[UNIX] The Open Group, ., "The Single UNIX Specification, Version [UNIX] The Open Group, ., "The Single UNIX Specification, Version
2 - 6 Vol Set for UNIX 98", February 1997. 2 - 6 Vol Set for UNIX 98", February 1997.
11.3. URIs 11.3. URIs
[1] https://lists.w3.org/Archives/Public/ietf-httpapi-wg/ [1] https://mailarchive.ietf.org/arch/browse/httpapi/
[2] https://github.com/ietf-wg-httpapi/ratelimit-headers [2] https://github.com/ietf-wg-httpapi/ratelimit-headers
[3] https://github.com/httpwg/http-core/ [3] https://www.iana.org/assignments/http-ratelimit-parameters
[4] https://github.com/httpwg/http-core/
pull/317#issuecomment-585868767 pull/317#issuecomment-585868767
[4] https://github.com/ioggstream/draft-polli-ratelimit-headers/ [5] https://github.com/ioggstream/draft-polli-ratelimit-headers/
issues/70 issues/70
[5] https://community.ntppool.org/t/another-ntp-client-failure- [6] https://community.ntppool.org/t/another-ntp-client-failure-
story/1014/ story/1014/
[6] https://lists.w3.org/Archives/Public/ietf-http- [7] https://lists.w3.org/Archives/Public/ietf-http-
wg/2019JulSep/0202.html wg/2019JulSep/0202.html
[7] https://github.com/ioggstream/draft-polli-ratelimit-headers/ [8] https://github.com/ioggstream/draft-polli-ratelimit-headers/
issues/34#issuecomment-519366481 issues/34#issuecomment-519366481
Appendix A. Acknowledgements Appendix A. Acknowledgements
Thanks to Willi Schoenborn, Alejandro Martinez Ruiz, Alessandro Thanks to Willi Schoenborn, Alejandro Martinez Ruiz, Alessandro
Ranellucci, Amos Jeffries, Martin Thomson, Erik Wilde and Mark Ranellucci, Amos Jeffries, Martin Thomson, Erik Wilde and Mark
Nottingham for being the initial contributors of these Nottingham for being the initial contributors of these
specifications. Kudos to the first community implementors: Aapo specifications. Kudos to the first community implementers: Aapo
Talvensaari, Nathan Friedly and Sanyam Dogra. Talvensaari, Nathan Friedly and Sanyam Dogra.
Appendix B. FAQ Appendix B. FAQ
1. Why defining standard fields for throttling? 1. Why defining standard fields for throttling?
To simplify enforcement of throttling policies. To simplify enforcement of throttling policies.
2. Can I use RateLimit-* in throttled responses (eg with status code 2. Can I use RateLimit-* in throttled responses (eg with status code
429)? 429)?
skipping to change at line 1209 skipping to change at page 27, line 42
No. [RFC6585] defines the "429" status code and we use it just No. [RFC6585] defines the "429" status code and we use it just
as an example of a throttled request, that could instead use even as an example of a throttled request, that could instead use even
"403" or whatever status code. The goal of this specification is "403" or whatever status code. The goal of this specification is
to standardize the name and semantic of three ratelimit fields to standardize the name and semantic of three ratelimit fields
widely used on the internet. Stricter relations with status widely used on the internet. Stricter relations with status
codes or error response payloads would impose behaviors to all codes or error response payloads would impose behaviors to all
the existing implementations making the adoption more complex. the existing implementations making the adoption more complex.
4. Why don't pass the throttling scope as a parameter? 4. Why don't pass the throttling scope as a parameter?
After a discussion on a similar thread [3] we will probably add a After a discussion on a similar thread [4] we will probably add a
new "RateLimit-Scope" field to this spec. new "RateLimit-Scope" field to this spec.
I'm open to suggestions: comment on this issue [4] I'm open to suggestions: comment on this issue [5]
5. Why using delay-seconds instead of a UNIX Timestamp? Why not 5. Why using delay-seconds instead of a UNIX Timestamp? Why not
using subsecond precision? using subsecond precision?
Using delay-seconds aligns with "Retry-After", which is returned Using delay-seconds aligns with "Retry-After", which is returned
in similar contexts, eg on 429 responses. in similar contexts, eg on 429 responses.
Timestamps require a clock synchronization protocol (see Timestamps require a clock synchronization protocol (see
Section 5.6.7 of [SEMANTICS]). This may be problematic (eg. Section 5.6.7 of [SEMANTICS]). This may be problematic (e.g.
clock adjustment, clock skew, failure of hardcoded clock clock adjustment, clock skew, failure of hardcoded clock
synchronization servers, IoT devices, ..). Moreover timestamps synchronization servers, IoT devices, ..). Moreover timestamps
may not be monotonically increasing due to clock adjustment. See may not be monotonically increasing due to clock adjustment. See
Another NTP client failure story [5] Another NTP client failure story [6]
We did not use subsecond precision because: We did not use subsecond precision because:
* that is more subject to system clock correction like the one * that is more subject to system clock correction like the one
implemented via the adjtimex() Linux system call; implemented via the adjtimex() Linux system call;
* response-time latency may not make it worth. A brief * response-time latency may not make it worth. A brief
discussion on the subject is on the httpwg ml [6] discussion on the subject is on the httpwg ml [7]
* almost all rate-limit headers implementations do not use it. * almost all rate-limit headers implementations do not use it.
6. Why not support multiple quota remaining? 6. Why not support multiple quota remaining?
While this might be of some value, my experience suggests that While this might be of some value, my experience suggests that
overly-complex quota implementations results in lower overly-complex quota implementations results in lower
effectiveness of this policy. This spec allows the client to effectiveness of this policy. This spec allows the client to
easily focusing on RateLimit-Remaining and RateLimit-Reset. easily focusing on RateLimit-Remaining and RateLimit-Reset.
7. Shouldn't I limit concurrency instead of request rate? 7. Shouldn't I limit concurrency instead of request rate?
You can use this specification to limit concurrency at the HTTP You can use this specification to limit concurrency at the HTTP
level (see {#use-for-limiting-concurrency}) and help clients to level (see {#use-for-limiting-concurrency}) and help clients to
shape their requests avoiding being throttled out. shape their requests avoiding being throttled out.
A problematic way to limit concurrency is connection dropping, A problematic way to limit concurrency is connection dropping,
especially when connections are multiplexed (eg. HTTP/2) because especially when connections are multiplexed (e.g. HTTP/2)
this results in unserviced client requests, which is something we because this results in unserviced client requests, which is
want to avoid. something we want to avoid.
A semantic way to limit concurrency is to return 503 + Retry- A semantic way to limit concurrency is to return 503 + Retry-
After in case of resource saturation (eg. thrashing, connection After in case of resource saturation (e.g. thrashing, connection
queues too long, Service Level Objectives not meet, ..). queues too long, Service Level Objectives not meet, ..).
Saturation conditions can be either dynamic or static: all this Saturation conditions can be either dynamic or static: all this
is out of the scope for the current document. is out of the scope for the current document.
8. Do a positive value of "RateLimit-Remaining" imply any service 8. Do a positive value of "RateLimit-Remaining" imply any service
guarantee for my future requests to be served? guarantee for my future requests to be served?
No. FAQ integrated in Section 3.2. No. FAQ integrated in Section 3.2.
9. Is the quota-policy definition Section 2.3 too complex? 9. Is the quota-policy definition Section 2.3 too complex?
skipping to change at line 1267 skipping to change at page 29, line 4
queues too long, Service Level Objectives not meet, ..). queues too long, Service Level Objectives not meet, ..).
Saturation conditions can be either dynamic or static: all this Saturation conditions can be either dynamic or static: all this
is out of the scope for the current document. is out of the scope for the current document.
8. Do a positive value of "RateLimit-Remaining" imply any service 8. Do a positive value of "RateLimit-Remaining" imply any service
guarantee for my future requests to be served? guarantee for my future requests to be served?
No. FAQ integrated in Section 3.2. No. FAQ integrated in Section 3.2.
9. Is the quota-policy definition Section 2.3 too complex? 9. Is the quota-policy definition Section 2.3 too complex?
You can always return the simplest form of the 3 fields You can always return the simplest form of the 3 fields
RateLimit-Limit: 100 RateLimit-Limit: 100
RateLimit-Remaining: 50 RateLimit-Remaining: 50
RateLimit-Reset: 60 RateLimit-Reset: 60
The key runtime value is the first element of the list: "expiring- The key runtime value is the first element of the list: "expiring-
limit", the others "quota-policy" are informative. So for the limit", the others "quota-policy" are informative. So for the
following field: following field:
RateLimit-Limit: 100, 100;w=60;burst=1000;comment="sliding window", 5000;w=3600;burst=0;comment="fixed window" RateLimit-Limit: 100, 100;w=60;burst=1000;comment="sliding window", 5000;w=3600;burst=0;comment="fixed window"
the key value is the one referencing the lowest limit: "100" the key value is the one referencing the lowest limit: "100"
1. Can we use shorter names? Why don't put everything in one field? 1. Can we use shorter names? Why don't put everything in one field?
The most common syntax we found on the web is "X-RateLimit-*" and The most common syntax we found on the web is "X-RateLimit-*" and
when starting this I-D we opted for it [7] when starting this I-D we opted for it [8]
The basic form of those fields is easily parseable, even by The basic form of those fields is easily parseable, even by
implementors procesing responses using technologies like dynamic implementers processing responses using technologies like dynamic
interpreter with limited syntax. interpreter with limited syntax.
Using a single field complicates parsing and takes a significantly Using a single field complicates parsing and takes a significantly
different approach from the existing ones: this can limit adoption. different approach from the existing ones: this can limit adoption.
1. Why don't mention connections? 1. Why don't mention connections?
Beware of the term "connection": &#65532; &#65532; - it is just Beware of the term "connection": &#65532; &#65532; - it is just
_one_ possible saturation cause. Once you go that path &#65532; _one_ possible saturation cause. Once you go that path &#65532;
you will expose other infrastructural details (bandwidth, CPU, .. you will expose other infrastructural details (bandwidth, CPU, ..
see Section 9.2) &#65532; and complicate client compliance; see Section 9.2) &#65532; and complicate client compliance;
&#65532; - it is an infrastructural detail defined in terms of &#65532; - it is an infrastructural detail defined in terms of
server and network &#65532; rather than the consumed service. server and network &#65532; rather than the consumed service.
This specification protects the services first, and then the This specification protects the services first, and then the
infrastructures through client cooperation (see Section 9.1). infrastructures through client cooperation (see Section 9.1).
&#65532; &#65532; RateLimit fields enable sending _on the same &#65532; &#65532; RateLimit fields enable sending _on the same
connection_ different limit values &#65532; on each response, connection_ different limit values &#65532; on each response,
depending on the policy scope (eg. per-user, per-custom-key, ..) depending on the policy scope (e.g. per-user, per-custom-key, ..)
&#65532; &#65532;
2. Can intermediaries alter RateLimit fields? 2. Can intermediaries alter RateLimit fields?
Generally, they should not because it might result in unserviced Generally, they should not because it might result in unserviced
requests. There are reasonable use cases for intermediaries requests. There are reasonable use cases for intermediaries
mangling RateLimit fields though, e.g. when they enforce stricter mangling RateLimit fields though, e.g. when they enforce stricter
quota-policies, or when they are an active component of the quota-policies, or when they are an active component of the
service. In those case we will consider them as part of the service. In those case we will consider them as part of the
originating infrastructure. originating infrastructure.
skipping to change at line 1374 skipping to change at page 31, line 17
* X-RateLimit-Limit and X-Rate-Limit-Limit * X-RateLimit-Limit and X-Rate-Limit-Limit
* X-RateLimit-Remaining and X-Rate-Limit-Remaining * X-RateLimit-Remaining and X-Rate-Limit-Remaining
* X-RateLimit-Reset and X-Rate-Limit-Reset * X-RateLimit-Reset and X-Rate-Limit-Reset
The semantic of RateLimit-Remaining depends on the windowing The semantic of RateLimit-Remaining depends on the windowing
algorithm. A sliding window policy for example may result in having algorithm. A sliding window policy for example may result in having
a "RateLimit-Remaining" value related to the ratio between the a "RateLimit-Remaining" value related to the ratio between the
current and the maximum throughput. Eg. current and the maximum throughput. e.g.
RateLimit-Limit: 12, 12;w=1 RateLimit-Limit: 12, 12;w=1
RateLimit-Remaining: 6 ; using 50% of throughput, that is 6 units/s RateLimit-Remaining: 6 ; using 50% of throughput, that is 6 units/s
RateLimit-Reset: 1 RateLimit-Reset: 1
If this is the case, the optimal solution is to achieve If this is the case, the optimal solution is to achieve
RateLimit-Limit: 12, 12;w=1 RateLimit-Limit: 12, 12;w=1
RateLimit-Remaining: 1 ; using 100% of throughput, that is 12 units/s RateLimit-Remaining: 1 ; using 100% of throughput, that is 12 units/s
RateLimit-Reset: 1 RateLimit-Reset: 1
 End of changes. 74 change blocks. 
151 lines changed or deleted 192 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/