This service handles the majority of the work of the project. Through it’s endpoints you can record traffic which arrives at your target (endpoint etc) and query if a given traffic source still has available capacity when evaluated against a predefined rate limit.

Endpoints

Traffic

This endpoint is used to report traffic which arrives at your target. Here is an example POST body

{
    "TargetId": "4865d5ba-2cf3-4da1-96c3-20c2ddb9cb8e",
    "Source": "127.0.0.1"
}

Has Capacity

This endpoint takes the targetId, rateLimitId and source you supply and works out if the source, given the amount of traffic you have logged for it using the Traffic endpoint, still has capacity based on the rate limit you have supplied.

{"UserId":"f0b026ac-632c-4c03-b91f-30a877a2ced6", "TargetId":"f9cce91a-9104-42be-a587-33b3ab284e13", "Source":"127.0.0.1", "RateLimitId":"ccdc627e-b510-4a0c-ad4d-91c98f869cbf"}

The response is a simple boolean; here is an example

{
    "HasCapacity": true
}

The Flow Control project will advise if, in the current second, the source of traffic you supply has capacity for the target you supply based on the rate limit you supply. It is up to you to respond to that information for instance, by responding to the end user with an HTTP 429 - Too Many Requests header.

Ban IP

This endpoint bans an ip via the Cloudflare api. It will ban the ip from the zone you specify - which could be your entire domain containing your api endpoints and your website. Bans start at five minutes, and double with every subsequent ban. Here is an example request body

{
    "ip": "127.0.0.1",
    "targetId": "7d20a140-9f07-4bf6-b06f-71ac8f030c18",
    "cloudflareApiToken": "--api-token--",
    "zoneId": "c1ad--cf-zone-id--6f3"
}