Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Preventing Users doing multiple calls for a service(method)

 
Anurag Blore
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All,

We have a method in our stateless EJB which query's our tables abd returns the result. We have designed the API thinking this should be one time call I mean user should call once this method in there flow.

Example: We are trying to get the history of work done by an Employee and I pass EmployeeID to get the detail



What is happening there are some systems which are using our API (the above method) and they are trying to call the method as a bulk query. Someone is using a for loop to get employee details for say 1000 employees and this is causing our System to hang.

My question is, Is there a way I can implement something so the calling system cannot call my API in a bulk query.

Thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34179
340
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anurag,
Google uses a common technique for this - give out keys and require the user to pass the key in calls to your service. Then you can track when the key is used and limit it by time or volume. You could say only X calls per minute or X calls per day.
 
Reza Rahman
author
Ranch Hand
Posts: 580
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anurag,

You cannot prevent excessive calls without writing additional code. Even then, enforcement would be difficult because you would have to depend on the client to do "the right thing".

What you can do to help prevent the system from being overrun is specify a sensible upper bound on the number of pooled instances for the beans. However, even this will not help much if the problem is that the number of serial calls is just too high.

That in conjunction with asking the problematic application to be changed :-).

Hope it helps,
Reza
 
Anurag Blore
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jeanne and Reza.

Jeanne, Do you have any link from where I can get more details about controlling the calls based on volume?

Thanks,
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not to sidetrack the discussion - but from what i see, its the API that needs to be fixed or tuned if possible. The API expects a userid and all it needs to return is the details. So it should not actually care about how many users are calling it, as long as it is tuned enough.

Someone is using a for loop to get employee details for say 1000 employees and this is causing our System to hang.


It applies to *any* other publicly accessible API isn't it?
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34179
340
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anurag Blore wrote:Jeanne, Do you have any link from where I can get more details about controlling the calls based on volume?

It's more of a concept, but you could look at the API for Amazon Web Services
 
Reza Rahman
author
Ranch Hand
Posts: 580
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have to say that I agree with Jaikiran.

Unless this is a public API available to the "world" (e.g. accessed via a web service) and you have no way of realistically communicating with the client base, it seems wrong to put in explicit bandwidth throttling mechanisms instead of fixing the API or the client.

Best regards,
Reza
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic