What about doing something similar to
If you are using a reverse proxy with this capability, that’s an easy way to do rate limiting. For example, we use nginx, and have rate limits set on a per endpoint basis.
Might prefer to have a rate limit based on client_id (not on a network criteria)
For the auth endpoints, client_id is in the query.
1 Like
For client_credentials flow it is into the body… not really convenient
Our reverse proxy is Traefik