I have 2 requirements need to be fullfilled:
- Apply rate limiting for an @GetMapping API based on user: only 15 requests per minute per user. Quite simple! I create a concurrent
hashmap<username, bucket>
to group buckets by user. Any request comes, I will get username, then get the corresponding bucket, then apply rate limiting. - Apply rate limiting for an @GetMapping API based on user and a @RequestParam "transaction-id": If same user call this API with different transaction-id, limit up to 5 requests per hour per user. If same user call this API with same transaction-id, then (1) will be applied. For example:
invokeAPI("ey12==", "t1") OK, invokeAPI("ey12==", "t2") OK, invokeAPI("ey12==", "t1") OK, invokeAPI("ey12==", "t1") OK, invokeAPI("ey12==", "t3") OK, invokeAPI("ey12==", "t1") OK, invokeAPI("ey12==", "t4") OK, invokeAPI("ey12==", "t5") OK, invokeAPI("ey12==", "t6") Blocked
Requirement 1 is done. Please suggest me a solution for requirement number 2. Is Bucket4j suitable for this case? I event don't know where to start at.