So far, we haven't established any limits on the usage of our API, so both authenticated and unauthenticated users can compose and send as many requests as they want. We only took advantage of the pagination features available in Django REST Framework to specify how we wanted large result sets to be split into individual pages of data. However, any user can compose and send thousands of requests to be processed without any kind of limitation.
We will use throttling to configure the following limits on the usage of our API:
Unauthenticated users: A maximum of five requests per hour.
Authenticated users: A maximum of 20 requests per hour.
In addition, we want to configure a maximum of 100 requests per hour to the game categories related views, no matter whether the user is authenticated or not.
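The three limits above written as Django REST Framework throttle settings, followed by a small stand-alone model of the sliding-window check so the policy can be exercised without a Django project. This is an added example, not code from the original text: the scope name game-categories and the helper names are assumptions, and the model keeps request history in a plain dict where the framework uses the cache.

```python
# Added example: settings fragment plus a stand-alone model of the check.
# The scope name "game-categories" is an assumption, not taken from the page;
# views in that scope would set throttle_scope and use ScopedRateThrottle.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": (
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ),
    "DEFAULT_THROTTLE_RATES": {
        "anon": "5/hour",
        "user": "20/hour",
        "game-categories": "100/hour",
    },
}

SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn '5/hour' into (5, 3600); only the period's first letter matters."""
    count, period = rate.split("/")
    return int(count), SECONDS[period[0]]


class SlidingWindowThrottle:
    """Simplified model: per-client timestamp history in a dict, not a cache."""

    def __init__(self, scope):
        self.limit, self.window = parse_rate(
            REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"][scope])
        self.history = {}  # client key (user id or IP) -> request timestamps

    def allow_request(self, client, now):
        # Keep only requests that are still inside the window ending at `now`.
        recent = [t for t in self.history.get(client, []) if t > now - self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)  # only accepted requests count against the limit
        self.history[client] = recent
        return allowed


def simulate(scope, client, timestamps):
    """Return the allow/deny decision for each constructed request time."""
    throttle = SlidingWindowThrottle(scope)
    return [throttle.allow_request(client, t) for t in timestamps]
```

Because the window slides, a throttled client is allowed again as soon as its oldest counted request is more than an hour old, not at the top of the next clock hour.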
Django REST Framework provides the following three throttling classes in the rest_framework.throttling module. All of them are subclasses of the SimpleRateThrottle...