Stateless, in the context of REST APIs, means not storing any data about the clients' sessions on the server. Every request should be treated without regard to any previous (or future) requests.

Normally, you would make it the client's responsibility to send any needed state with each request, but in this particular case, that would create a big security hole.

Therefore, you will need to consider this logon-attempts limit as resource state and persist it to your back-end data store (database). Once it's there, it's shared between your instances, and the load balancing problem is basically solved.

(Or go OAuth and let someone else worry about it!)

 

Thanks for this explanation, I didn't understand the concept of stateless well until now :)

 

The APIs are stateless; that doesn't mean they cannot communicate with databases. One simple way is to increment a database count when an incorrect password is used, and have the API check it.

That also answers your question about load balancing, as they'll check the same database.
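The shared-counter approach from the two replies above, as an added example that is not part of any commenter's post. SQLite on a temp file stands in for the shared back-end store; two connections play the role of two load-balanced, stateless API instances. The user table, the user name `alice`, the limits `MAX_ATTEMPTS` and `WINDOW_SECONDS`, and the function names are all assumptions made for the demo. The failure counter is updated inside a `BEGIN IMMEDIATE` transaction so that two instances recording failures for the same user at the same moment cannot both read the old count and lose an increment.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile
import time

MAX_ATTEMPTS = 5          # assumed policy: lock after this many failures in the window
WINDOW_SECONDS = 15 * 60  # assumed policy: window measured from the first failure

SCHEMA = """
CREATE TABLE IF NOT EXISTS login_failures (
    username     TEXT PRIMARY KEY,
    failures     INTEGER NOT NULL,
    window_start REAL NOT NULL
)
"""

# Constructed user table standing in for the real one. A real deployment stores
# a slow password hash (argon2/bcrypt/scrypt); SHA-256 is only a placeholder here.
CONSTRUCTED_USERS = {
    "alice": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}


def connect(db_path):
    """One API instance's connection to the shared store (SQLite stands in for it)."""
    conn = sqlite3.connect(db_path, isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    conn.execute(SCHEMA)
    return conn


def record_failure(conn, username, now=None):
    """Atomically bump the failure count; returns the new count."""
    now = time.time() if now is None else now
    conn.execute("BEGIN IMMEDIATE")  # takes the write lock, serialising concurrent instances
    try:
        row = conn.execute(
            "SELECT failures, window_start FROM login_failures WHERE username = ?",
            (username,),
        ).fetchone()
        if row is None or now - row[1] >= WINDOW_SECONDS:
            # No record, or the old window expired: start a fresh window at 1 failure.
            conn.execute(
                "INSERT OR REPLACE INTO login_failures VALUES (?, 1, ?)", (username, now)
            )
            failures = 1
        else:
            failures = row[0] + 1
            conn.execute(
                "UPDATE login_failures SET failures = ? WHERE username = ?",
                (failures, username),
            )
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return failures


def is_locked(conn, username, now=None):
    """True if the user has hit MAX_ATTEMPTS inside the current window."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT failures, window_start FROM login_failures WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None or now - row[1] >= WINDOW_SECONDS:
        return False
    return row[0] >= MAX_ATTEMPTS


def clear_failures(conn, username):
    conn.execute("DELETE FROM login_failures WHERE username = ?", (username,))


def attempt_login(conn, username, password, now=None):
    """Stateless handler: every piece of state it needs comes from the shared store."""
    if is_locked(conn, username, now):
        return "locked"  # refused before the password is even checked
    expected = CONSTRUCTED_USERS.get(username)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if expected is not None and hmac.compare_digest(expected, supplied):
        clear_failures(conn, username)
        return "ok"
    record_failure(conn, username, now)  # unknown users are counted too
    return "denied"


def demo():
    """Five bad guesses spread across two instances lock the account for both."""
    db_path = os.path.join(tempfile.mkdtemp(), "shared.db")
    instance_a = connect(db_path)
    instance_b = connect(db_path)
    results = []
    for i in range(MAX_ATTEMPTS):
        instance = instance_a if i % 2 == 0 else instance_b
        results.append(attempt_login(instance, "alice", "guess%d" % i))
    # Correct password, but the lock set via both instances is visible to instance A.
    results.append(attempt_login(instance_a, "alice", "correct horse battery staple"))
    return results


if __name__ == "__main__":
    print(demo())
```

The `now` parameter exists so the window logic can be exercised without sleeping; in a real service the clock is simply the server time. With a database that supports it, the read-modify-write in `record_failure` can be replaced by a single `INSERT ... ON CONFLICT DO UPDATE SET failures = failures + 1`, which gives the same atomicity with one round trip.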

 

Load balancer/proxy and block by server, or use a firewall (software or hardware, or both).
