0
0
Rest APIprogramming~20 mins

Per-user vs per-IP limits in Rest API - Practice Questions

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Rate Limit Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
Understanding Rate Limits: Per-User vs Per-IP

In a REST API, what is the main difference between applying rate limits per user and per IP address?

APer-user limits apply only to authenticated users, while per-IP limits apply only to unauthenticated users.
BPer-user limits restrict requests based on user identity, while per-IP limits restrict requests based on the client IP address.
CPer-user limits restrict requests based on IP address, while per-IP limits restrict requests based on user identity.
DPer-user limits allow unlimited requests, while per-IP limits always block after one request.
Attempts:
2 left
💡 Hint

Think about what uniquely identifies a user versus what identifies a network location.

Predict Output
intermediate
1:30remaining
Output of Rate Limit Check Function

Given this Python function that checks rate limits, what will be the output when calling check_limit('user123', '192.168.1.10') if the user has made 5 requests and the IP has made 10 requests?

Rest API
def check_limit(user_id, ip):
    user_limit = 5
    ip_limit = 10
    user_requests = {'user123': 5}
    ip_requests = {'192.168.1.10': 10}
    if user_requests.get(user_id, 0) >= user_limit:
        return 'User limit exceeded'
    if ip_requests.get(ip, 0) >= ip_limit:
        return 'IP limit exceeded'
    return 'Allowed'
AKeyError
B"IP limit exceeded"
C"Allowed"
D"User limit exceeded"
Attempts:
2 left
💡 Hint

Check which limit is reached first in the code.

🔧 Debug
advanced
2:00remaining
Identify the Bug in Rate Limiting Logic

What error will this code raise when calling increment_request('user1', '10.0.0.1') for the first time?

Rest API
user_requests = {}
ip_requests = {}
user_limit = 3
ip_limit = 5

def increment_request(user_id, ip):
    if user_requests[user_id] >= user_limit:
        return 'User limit reached'
    if ip_requests[ip] >= ip_limit:
        return 'IP limit reached'
    user_requests[user_id] += 1
    ip_requests[ip] += 1
    return 'Request allowed'
AKeyError
BTypeError
CValueError
DNo error, returns 'Request allowed'
Attempts:
2 left
💡 Hint

Think about what happens when you try to access a dictionary key that does not exist.

📝 Syntax
advanced
1:30remaining
Syntax Error in Rate Limit Decorator

Which option contains the correct syntax for a Python decorator that limits API calls per user?

Rest API
def rate_limit(func):
    def wrapper(user_id):
        # limit logic here
        return func(user_id)
    return wrapper
A
def rate_limit(func):
    def wrapper(user_id):
        # limit logic
        return func(user_id)
    return wrapper
B
def rate_limit(func):
    def wrapper(user_id):
        # limit logic
        return func(user_id)
    wrapper
C
def rate_limit(func):
    def wrapper(user_id):
        # limit logic
        return func(user_id)
    return wrapper()
D
def rate_limit(func):
    def wrapper(user_id):
        # limit logic
        return func(user_id)
    return func
Attempts:
2 left
💡 Hint

Remember what a decorator must return.

🚀 Application
expert
2:30remaining
Choosing Rate Limit Strategy for a Public API

You manage a public REST API used by many anonymous users behind shared IP addresses. Which rate limiting strategy is best to prevent abuse while minimizing false blocks?

AApply per-user limits only, ignoring IP addresses since users are anonymous.
BApply strict per-IP limits only, blocking IPs after few requests.
CCombine per-IP limits with a higher threshold and per-user limits for authenticated users.
DDo not apply any rate limits to avoid blocking legitimate users.
Attempts:
2 left
💡 Hint

Consider how anonymous users and shared IPs affect rate limiting.