Bird
Raised Fist0
Djangoframework~20 mins

Throttling for rate limiting in Django - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
πŸŽ–οΈ
Throttling Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
❓ component_behavior
intermediate
2:00remaining
What happens when a user exceeds the throttle limit in Django REST Framework?

Consider a Django REST Framework API view with a throttle class set to limit requests to 5 per minute per user. What is the expected behavior when a user sends the 6th request within the same minute?

Django
from rest_framework.throttling import UserRateThrottle
from rest_framework.views import APIView
from rest_framework.response import Response

class FivePerMinuteThrottle(UserRateThrottle):
    rate = '5/minute'

class ExampleView(APIView):
    throttle_classes = [FivePerMinuteThrottle]

    def get(self, request):
        return Response({'message': 'Request successful'})
AThe 6th request is accepted but logged for review later.
BThe 6th request resets the throttle count and is accepted normally.
CThe 6th request is blocked and the API returns a 429 Too Many Requests response.
DThe 6th request causes a server error (500 Internal Server Error).
Attempts:
2 left
πŸ’‘ Hint

Think about what HTTP status code is used when rate limits are exceeded.

πŸ“ Syntax
intermediate
2:00remaining
Identify the correct way to set a custom throttle rate in Django REST Framework

Which of the following code snippets correctly sets a throttle rate of 10 requests per hour for a custom throttle class?

A
class CustomThrottle(UserRateThrottle):
    rate = 10/hour
B
class CustomThrottle(UserRateThrottle):
    rate = '10/hour'
C
class CustomThrottle(UserRateThrottle):
    rate = 10 per hour
D
class CustomThrottle(UserRateThrottle):
    rate = '10 per hour'
Attempts:
2 left
πŸ’‘ Hint

Remember the rate must be a string with a number and time unit separated by a slash.

πŸ”§ Debug
advanced
2:00remaining
Why does the custom throttle class not limit requests as expected?

Given the following throttle class, users are not being limited to 3 requests per minute as intended. What is the cause?

Django
from rest_framework.throttling import UserRateThrottle

class ThreePerMinuteThrottle(UserRateThrottle):
    rate = '3/minute'
AThe rate value should be a string, so rate = '3/minute' is required.
BThe UserRateThrottle class does not support per-minute limits.
CThe throttle class must override the allow_request method to work.
DThe rate should be set in settings.py, not in the class.
Attempts:
2 left
πŸ’‘ Hint

Check the data type of the rate attribute.

🧠 Conceptual
advanced
2:00remaining
How does Django REST Framework differentiate users for throttling?

When using UserRateThrottle, how does Django REST Framework identify different users to apply rate limits?

AIt uses the user’s authentication credentials from request.user to identify unique users.
BIt uses the client IP address to identify users.
CIt applies the same limit to all users without differentiation.
DIt uses session cookies to track users.
Attempts:
2 left
πŸ’‘ Hint

Think about how authentication works in Django REST Framework.

❓ state_output
expert
2:00remaining
What is the output of this Django REST Framework throttle configuration?

Given the following settings and code, what will be the response status code of the 4th request made by the same authenticated user within one minute?

Django
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'user': '3/minute'
    }
}

from rest_framework.views import APIView
from rest_framework.response import Response

class TestView(APIView):
    def get(self, request):
        return Response({'detail': 'Success'})
A403 Forbidden
B200 OK
C500 Internal Server Error
D429 Too Many Requests
Attempts:
2 left
πŸ’‘ Hint

Check the throttle rate and how many requests are allowed per minute.

Practice

(1/5)
1. What is the main purpose of throttling in Django REST Framework?
easy
A. To cache API responses for faster access
B. To limit the number of requests a user can make in a given time period
C. To authenticate users before accessing the API
D. To speed up the response time of the server

Solution

  1. Step 1: Understand throttling concept

    Throttling is designed to control how many requests a user can send to the server in a set time.

  2. Step 2: Identify purpose in Django REST Framework

    It prevents abuse by limiting request rates, not speeding responses or authentication.

  3. Final Answer:

    To limit the number of requests a user can make in a given time period -> Option B

  4. Quick Check:

    Throttling = request limit [OK]
Hint: Throttling controls request counts per time [OK]
Common Mistakes:
  • Confusing throttling with authentication
  • Thinking throttling speeds up responses
  • Mixing throttling with caching
2. Which of the following is the correct way to set a throttle rate of 10 requests per minute in a custom throttle class?
easy
A. rate = '10/minute'
B. rate = '10/second'
C. rate = 'minute/10'
D. rate = '10 requests per minute'

Solution

  1. Step 1: Recall throttle rate format

    The rate must be a string with number and time unit separated by a slash, e.g., '10/minute'.

  2. Step 2: Match correct syntax

    Only '10/minute' matches the required format; others are invalid or incorrect syntax.

  3. Final Answer:

    rate = '10/minute' -> Option A

  4. Quick Check:

    Throttle rate format = 'number/time' [OK]
Hint: Throttle rate uses 'number/time' string format [OK]
Common Mistakes:
  • Using spaces or words instead of slash format
  • Swapping number and time units
  • Using unsupported time units
3. Given this view with throttling applied:
from rest_framework.throttling import UserRateThrottle

class MyThrottle(UserRateThrottle):
    rate = '3/minute'

class MyView(APIView):
    throttle_classes = [MyThrottle]

    def get(self, request):
        return Response({'message': 'Hello'})

What happens if a user makes 4 GET requests within one minute?
medium
A. The 4th request is delayed but eventually succeeds
B. All 4 requests succeed with status 200
C. The 4th request is blocked with a 429 Too Many Requests error
D. The server crashes due to too many requests

Solution

  1. Step 1: Understand throttle rate and behavior

    The throttle allows 3 requests per minute per user; the 4th exceeds the limit.

  2. Step 2: Identify response to exceeding limit

    When limit is exceeded, Django REST Framework returns HTTP 429 error blocking the request.

  3. Final Answer:

    The 4th request is blocked with a 429 Too Many Requests error -> Option C

  4. Quick Check:

    Requests > rate limit = 429 error [OK]
Hint: Requests over limit get 429 error [OK]
Common Mistakes:
  • Assuming all requests succeed
  • Thinking requests get delayed instead of blocked
  • Believing server crashes on too many requests
4. Identify the error in this custom throttle class:
from rest_framework.throttling import SimpleRateThrottle

class CustomThrottle(SimpleRateThrottle):
    scope = 'custom'

    def get_cache_key(self, request, view):
        return request.user.id

# settings.py
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_RATES': {
        'custom': '5/minute'
    }
}
medium
A. get_cache_key should return a string, but returns an integer
B. scope should be set to 'rate' instead of 'custom'
C. DEFAULT_THROTTLE_RATES key 'custom' is missing a time unit
D. CustomThrottle must inherit from UserRateThrottle, not SimpleRateThrottle

Solution

  1. Step 1: Check get_cache_key return type

    The method returns request.user.id, which is an integer, but cache keys must be strings.

  2. Step 2: Validate other parts

    Scope 'custom' matches the throttle rate key, and inheritance from SimpleRateThrottle is valid.

  3. Final Answer:

    get_cache_key should return a string, but returns an integer -> Option A

  4. Quick Check:

    Cache key must be string [OK]
Hint: Cache keys must be strings, not integers [OK]
Common Mistakes:
  • Returning non-string cache keys
  • Misnaming throttle scope
  • Confusing throttle class inheritance
5. You want to apply different throttle rates for authenticated and anonymous users in Django REST Framework. Which approach correctly implements this?
hard
A. Set a single throttle class with rate '10/minute' and check user status inside get_cache_key
B. Use middleware to block anonymous users after 5 requests per minute instead of throttling classes
C. Apply throttling only to authenticated users by setting throttle_classes conditionally in the view
D. Use two throttle classes: one with 'user' scope for authenticated, one with 'anon' scope for anonymous, and add both to the view's throttle_classes

Solution

  1. Step 1: Understand throttling for different user types

    Django REST Framework supports multiple throttle classes to handle different user types separately.

  2. Step 2: Apply correct method

    Using two throttle classes with 'user' and 'anon' scopes and adding both to throttle_classes is the standard way.

  3. Final Answer:

    Use two throttle classes: one with 'user' scope for authenticated, one with 'anon' scope for anonymous, and add both to the view's throttle_classes -> Option D

  4. Quick Check:

    Multiple throttle classes handle user types separately [OK]
Hint: Use separate throttle classes for user and anon [OK]
Common Mistakes:
  • Trying to handle both user types in one throttle class
  • Using middleware instead of throttle classes
  • Conditionally setting throttle_classes in the view