CN110276182B - API distributed current limiting realization method - Google Patents


Publication number
CN110276182B
Authority
CN
China
Prior art keywords
current limiting
user
interface
api
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201910498355.0A
Other languages
Chinese (zh)
Other versions
CN110276182A (en)
Inventor
李勇
张斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bichenghui Chengdu Technology Co ltd
Original Assignee
Bichenghui Chengdu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bichenghui Chengdu Technology Co ltd filed Critical Bichenghui Chengdu Technology Co ltd
Priority to CN201910498355.0A priority Critical patent/CN110276182B/en
Publication of CN110276182A publication Critical patent/CN110276182A/en
Application granted granted Critical
Publication of CN110276182B publication Critical patent/CN110276182B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/215 Flow control; Congestion control using token-bucket
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/54 Indexing scheme relating to G06F9/54
    • G06F2209/549 Remote execution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a control method for distributed API current limiting (rate limiting) and belongs to the field of network financial transactions. Interface-level and user-level access current limiting rules are configured in a database according to the current limiting frequency. After receiving an API request sent by a user, the server side performs signature verification on the API parameters. After verification passes, the current limiting strategy corresponding to the user's order-placing interface is queried in the current limiting component through Realm, according to the user identification key in the API parameters. A token for user-level and interface-level current limiting is then obtained from the Redis cluster through a cluster Redis lua script, and it is judged whether the interface call conforms to the user's interface authority and current limit. The invention solves the prior-art problems of low server performance, unmatchable interfaces and low server availability under multi-user concurrency, and achieves high-performance, high-availability distributed API current limiting.

Description

API distributed current limiting realization method
Technical Field
The invention belongs to the technical field of network financial transactions, and particularly relates to an API distributed current limiting implementation method.
Background
In the field of financial transactions, the existing transaction model involves a service provider and a service caller: the service provider exposes API interfaces for its services, and the service caller uses the services by calling those interfaces. The server side is designed for an estimated capacity. If the TPS/QPS threshold that the system can bear is exceeded for a long time, the system can be overwhelmed, and the failure eventually spreads to the whole service, leaving it unable to serve. To avoid this, requests to the API interface must be throttled. The purpose of throttling is to protect the system by limiting concurrent access requests or the number of requests within a time window; once the limiting rate is reached, the system can deny service, queue requests or make them wait. Current API interface current limiting methods are passive: when the number of transactions is too large, the load capacity of the service provider's application system is limited, and if unexpected requests overload the system and drag down the whole business application system, the loss to both the service provider and the service caller is disastrous. If transactions are limited only in this passive way, the method is inflexible: flexible configuration, accurate and efficient current limiting, and the corresponding authority verification cannot be carried out. The business characteristics of financial transactions make flexible and reasonable current limiting all the more necessary.
The problems in the prior art are: 1) local JVM-level current limiting can only be applied in a single-machine service, so server performance and high availability are problematic; 2) an unconfigured interface current limiting strategy often cannot meet variable and diverse user current limiting requirements; 3) as the number of users grows, user-level current limiting alone easily triggers server performance bottlenecks under multi-user concurrency, which affects the availability of other functions of the service.
Therefore, a method for implementing API distributed current limiting is needed to solve the problems of low server performance, unavailable interfaces and low server availability during multi-user concurrency in the prior art, and achieve the purpose of API distributed current limiting with high performance and high availability.
Disclosure of Invention
The invention aims to provide a control method of API distributed current limiting, which solves the problems of low server performance, unavailable interfaces and low server availability during multi-user concurrency in the prior art and realizes the aim of high-performance and high-availability API distributed current limiting.
The technical scheme adopted by the invention is to provide a control method of API distributed current limiting, which comprises the following steps:
S1. Before or during the operation of the API system, the access current limiting rules, namely the interface-level current limiting value, the user-level interface access authority and the user-level interface current limiting value, are configured in a database according to the current limiting frequency;
S2. After receiving the API request sent by the user, the server side performs signature verification on the API parameters. After verification passes, the current limiting rule corresponding to the user and the order-placing interface is queried in the current limiting component through Realm, according to the user identifier key in the API parameters. After the query succeeds, a token for user-level and interface-level current limiting is obtained from the Redis cluster through a cluster Redis lua script, and it is judged whether the current interface call satisfies the current limiting rules of S1. If the check passes, the interface call succeeds; otherwise the call fails and the corresponding exception code is returned.
Further, in S2, the tokens for user-level and interface-level current limiting are obtained from the Redis cluster through the cluster Redis lua script according to the rule of whether the value of the current limiting frequency counter in the token bucket is greater than the user-level and interface-level current limiting values. The specific process is as follows:
if the rule check passes, acquisition succeeds and the counter of the corresponding current limiting frequency in the token bucket is incremented by 1;
if the token is acquired for the first time within the current limiting frequency, the expiration time of the token bucket frequency counter is set to the current time plus one current limiting frequency period, and it is judged whether the current interface call conforms to the user's interface authority and current limit.
Further, the current limiting frequency comprises a current limiting period and a current limiting value.
Further, the parameters in the API request in S2 include user key information, the number of placed orders, and the price.
The invention has the beneficial effects that:
1. The invention achieves atomic current limiting of user interface access in a cluster environment by using a distributed Redis lua script and a token bucket algorithm;
2. The invention uses current limiting rules whose duration and number of permitted calls are flexibly configurable, meeting the variable and diverse requirements of user-level and interface-level current limiting;
3. The invention performs user-level and interface-level current limiting at the same time and applies Fail Fast when service capability is exceeded. It limits the access volume of an interface per unit time and prevents interface access beyond service capability from setting off a chain reaction that costs the whole system its service capability.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the authority and current limiting processing.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention is characterized in that:
1. Key points of the Redis lua script implementation:
① input parameters: the current limiting duration, the current limiting frequency, the interface identification code and the user identification code;
② implementation: the expiration time of the current limiting frequency counter is set according to the current limiting duration, and current limiting verification and token acquisition are performed according to the current limiting frequency and the token bucket algorithm;
③ output parameter: whether the interface access is limited.
2. Key points of making the current limiting rules configurable:
① fixed configuration: the interface identification code and the user identification code;
② dynamic configuration: the current limiting duration and current limiting frequency corresponding to the interface identification code, and the current limiting duration and current limiting frequency corresponding to the user identification code;
③ dynamic rule implementation: when a user accesses an interface, the corresponding current limiting duration and frequency are obtained and then passed to the lua script.
3. Key point of supporting user-level and interface-level current limiting at the same time: double current limiting is performed on both the user and the interface.
The overall current limiting embodiment is shown in Fig. 1 and proceeds as follows:
1. Configuration: before or during the operation of the API system, a system administrator configures the interface-level and user-level access current limiting rules in a database;
2. Checking: after receiving an API request sent by a user, the server side first performs signature verification on the API parameters. After parameter verification passes, the current limiting strategies corresponding to the user and the interface are queried in the current limiting component through Realm, according to the user identifier key in the API parameters. After the query succeeds, the cluster Redis lua script obtains a token for user-level and interface-level current limiting from the Redis cluster to perform current limiting verification, judging whether the interface call conforms to the user's interface authority and current limit. If verification passes, the interface call succeeds; otherwise the call fails and the corresponding exception code is returned.
Example:
a. Before the system runs, the system administrator admin configures the single-interface current limiting rule as 4000 accesses per second, and configures the single-interface rule for user A as 80 accesses per second;
b. User A initiates an order-placing API request. The server side performs signature verification on parameters in the request such as the user's key1 information, the order quantity and the price. After signature verification passes, the order-placing interface current limiting strategy corresponding to the user is queried in the current limiting component through Realm according to key1. After the query succeeds, the cluster Redis lua script is called to obtain the current limiting token corresponding to user A and the order-placing interface. Successful acquisition indicates that this call has not reached the current limiting bottleneck, and the call passes.
c. When user A accesses the order-placing interface for the 81st time in the current second, token acquisition fails; when user A accesses it again in the next second, the token is regenerated.
The user initiates an order-placing request. The server side performs signature verification on parameters in the request such as the user's Key1 information, the order quantity and the price. After signature verification passes, the order-placing interface current limiting strategy corresponding to the user is queried in the current limiting component through Realm according to Key1. After the query succeeds, the cluster Redis lua script is called to obtain the current limiting token corresponding to user A and the order-placing interface. Successful acquisition indicates that the call has not reached the current limiting bottleneck, and the call passes.
d. When admin changes user A's interface access limit to 100 in the database, the initial token count for user A's order-placing interface access in the next second increases to 100, and user A can then call the order-placing interface 100 times per second.
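Added example, not part of the patent text: a Redis Lua script that performs the user-level and interface-level token acquisition described in S2 and in the example above as one atomic step, with one counter per level that expires one current limiting period after its first increment. What the patent calls a token bucket is, as described, a fixed-window counter, and that is what the script implements. The key names, the {place_order} hash tag, the argument order, the reply format and the file name dual_limit.lua are assumptions of this example.

```lua
-- Added example, not from the patent. Key names, argument order and the
-- reply shape are assumptions made for this example.
--
-- KEYS[1]  user-level counter,      e.g. rl:{place_order}:user:key1
-- KEYS[2]  interface-level counter, e.g. rl:{place_order}:iface
-- ARGV[1]  user-level current limiting value            (80 in the example)
-- ARGV[2]  user-level current limiting period, ms       (1000)
-- ARGV[3]  interface-level current limiting value       (4000)
-- ARGV[4]  interface-level current limiting period, ms  (1000)
--
-- Reply: {1, "ok", 0} when a token is granted at both levels,
--        {0, "user" | "interface", retry_after_ms} when limited.
--
-- Try it against a test instance (script saved as dual_limit.lua):
--   redis-cli --eval dual_limit.lua 'rl:{place_order}:user:key1' \
--       'rl:{place_order}:iface' , 80 1000 4000 1000

-- Parse ARGV[i] as a whole number; nil when it is missing or not numeric.
local function int_arg(i)
  local n = tonumber(ARGV[i])
  return n and math.floor(n) or nil
end

local user_key, iface_key = KEYS[1], KEYS[2]
local user_limit, user_period = int_arg(1), int_arg(2)
local iface_limit, iface_period = int_arg(3), int_arg(4)

-- Fail closed on a missing or malformed rule instead of letting the call through.
if not (user_key and iface_key and user_limit and user_period
        and iface_limit and iface_period)
   or user_limit < 0 or iface_limit < 0
   or user_period <= 0 or iface_period <= 0 then
  return redis.error_reply('ERR invalid current limiting rule')
end

-- Calls already counted in the current window; a missing key means none.
local function used(key)
  return tonumber(redis.call('GET', key) or '0')
end

-- Milliseconds until the counter expires and the window starts over.
local function retry_after(key)
  local ttl = redis.call('PTTL', key)
  return ttl > 0 and ttl or 0
end

-- Check both levels before consuming at either, so that a rejection at one
-- level never uses up a token at the other.
if used(user_key) >= user_limit then
  return {0, 'user', retry_after(user_key)}
end
if used(iface_key) >= iface_limit then
  return {0, 'interface', retry_after(iface_key)}
end

-- Counter +1; on the first acquisition in a window the expiry is set to one
-- period from now. The PTTL == -1 branch repairs a counter that exists
-- without an expiry, which would otherwise lock the caller out permanently.
local function take(key, period_ms)
  local n = redis.call('INCR', key)
  if n == 1 or redis.call('PTTL', key) == -1 then
    redis.call('PEXPIRE', key, period_ms)
  end
end

take(user_key, user_period)
take(iface_key, iface_period)
return {1, 'ok', 0}
```

In Redis Cluster both keys of a script must map to the same hash slot, which the {place_order} hash tag in the assumed key names ensures; the cost is that every counter for one interface lives on one shard.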
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (1)

1. A control method of API distributed current limiting is characterized by comprising the following steps:
S1, before or during operation of the API system, respectively configuring the access current limiting rules of an interface-level current limiting value, a user-level interface access authority and a user-level interface current limiting value into a database according to current limiting frequency, wherein the current limiting frequency comprises a current limiting period and a current limiting value;
S2, after receiving the API request sent by the user, the server side performs signature verification on the API parameters; after the verification passes, according to a user identifier key in the API parameters, querying the current limiting rule corresponding to the user and the order-placing interface in a current limiting component through Realm, and after the query succeeds, obtaining a token for user-level and interface-level current limiting in a Redis cluster through a cluster Redis lua script; judging whether the current interface call satisfies the current limiting rule of S1; after the verification passes, the interface is called successfully, otherwise the call fails and the corresponding exception code is returned;
the API parameters in the API request comprise user key information, the number of placed orders and the price;
the obtaining of the token for user-level and interface-level current limiting in the Redis cluster is performed according to a rule of whether the value of the current limiting frequency counter in a token bucket is greater than the user-level and interface-level current limiting values, and the specific process is as follows:
if the rule check passes, acquisition succeeds, and the counter of the corresponding current limiting frequency in the token bucket is incremented by 1;
if the token is acquired for the first time within the current limiting frequency, the expiration time of the token bucket frequency counter is set to the current time plus one current limiting frequency period, and whether the current interface call conforms to the interface authority and current limit of the user is judged.
CN201910498355.0A 2019-06-10 2019-06-10 API distributed current limiting realization method Expired - Fee Related CN110276182B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910498355.0A CN110276182B (en) 2019-06-10 2019-06-10 API distributed current limiting realization method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910498355.0A CN110276182B (en) 2019-06-10 2019-06-10 API distributed current limiting realization method

Publications (2)

Publication Number Publication Date
CN110276182A CN110276182A (en) 2019-09-24
CN110276182B true CN110276182B (en) 2020-12-22

Family

ID=67960608

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910498355.0A Expired - Fee Related CN110276182B (en) 2019-06-10 2019-06-10 API distributed current limiting realization method

Country Status (1)

Country Link
CN (1) CN110276182B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110768912B (en) * 2019-10-21 2022-11-18 中国民航信息网络股份有限公司 API gateway current limiting method and device
CN110995611A (en) * 2019-12-20 2020-04-10 创盛视联数码科技(北京)有限公司 Distributed current limiting method for high concurrency request
CN111443962A (en) * 2020-03-31 2020-07-24 海南新软软件有限公司 Transaction limiting method and device
CN111585913B (en) * 2020-04-30 2023-04-07 武汉众邦银行股份有限公司 Service flow limiting method based on recovery token and storage medium
CN112637082B (en) * 2020-12-15 2023-03-31 银盛支付服务股份有限公司 Distributed current limiting method
CN112671658B (en) * 2020-12-16 2023-01-31 中国建设银行股份有限公司 Data current limiting method, component and tool kit
CN112751847A (en) * 2020-12-28 2021-05-04 深圳市优必选科技股份有限公司 Interface call request processing method and device, electronic equipment and storage medium
CN112910947A (en) * 2020-12-31 2021-06-04 南京联创互联网技术有限公司 Lua-based high-concurrency current-limiting second killing technology
CN114285849A (en) * 2021-12-21 2022-04-05 中国电信股份有限公司 Current limiting state adjusting method and device, storage medium and electronic device
CN114900467A (en) * 2022-05-11 2022-08-12 融慧金科金融服务外包(北京)有限公司 API flow control method and device
CN115037693B (en) * 2022-05-17 2023-05-26 瀚云科技有限公司 Distributed current limiting method and distributed current limiting device based on token bucket
CN115002043A (en) * 2022-05-30 2022-09-02 重庆长安汽车股份有限公司 Distributed current limiting method, device and storage medium based on registration center
CN114915593B (en) * 2022-06-10 2023-05-09 北京世纪好未来教育科技有限公司 Redis-based flow control method and device, electronic equipment and storage medium
CN115208834A (en) * 2022-07-12 2022-10-18 武汉众邦银行股份有限公司 Service flow limiting method based on database storage process design
CN115442307A (en) * 2022-07-27 2022-12-06 交通银行股份有限公司 Distributed key-based current limiting method, system and computer-readable storage medium
CN116155809A (en) * 2022-12-13 2023-05-23 宝付网络科技(上海)有限公司 Flow control system for concurrency control of software system and control method thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014185706A1 (en) * 2013-05-15 2014-11-20 Samsung Electronics Co., Ltd. Method and system for providing deterministic quality of service for communication devices
CN108112038B (en) * 2016-11-24 2021-06-01 深圳市云网万店科技有限公司 Method and device for controlling access flow
CN108494703B (en) * 2018-03-08 2022-05-06 腾讯科技(深圳)有限公司 Access frequency control method, device and storage medium
CN109194584B (en) * 2018-08-13 2022-04-26 中国平安人寿保险股份有限公司 Flow monitoring method and device, computer equipment and storage medium
CN109787908B (en) * 2018-12-13 2023-04-07 平安普惠企业管理有限公司 Server current limiting method, system, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110276182A (en) 2019-09-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201222