I have an API in PHP and I want to limit the classification to different levels, with different levels. Each user will be assigned a level and an API key to use in the URL.
So, for example, here is the configuration of my user:
user_id api_key requests / monthly requests / minute 1 123456 10000 100 2 aaaaaa 2000 10 3 K3Jlkj3 10000 100
And a request would look like this:
Requests that do not have a valid api_key would be rejected with a 401.
I've found a lot about IP address throttling, but nothing about throttling by API query parameter keys. I can do it in the application itself, but it seems superfluous if the web server can do it.
Is it possible with Apache (preferred) or nginx? Are there any good tutorials for these kinds of things?