-1

I was ready to create an API, but I couldn't find a way to restrict users who weren't logged in. For users who have successfully logged in, I can fulfill this requirement. But for users who are not logged in, I hope they can use it 10 times for free.

The question is how to effectively control it?

  1. cookie?
  2. browser fingerprinting?
  3. ip?

I have thought about the above approaches, but I do not know how to achieve this completely. I have no experience with this part.

Amorous
  • 49
  • 6

1 Answer

2

Identify a guest user by a combination of IP address and cookie, and record it in the database with visits initialized to 0:

// guest user visit record
{ 
 ip : String, 
 cookie : String,
 visits : Number // default 0
}

Every time a user who is not logged in sends a request to the service, increase visits based on the IP and cookie found in the record (database or cache), then decide based on the visits number whether to deny or allow the service for a given IP and cookie.

M. khalil
  • 36
  • 5
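
The counting scheme from the answer above, as an added example (not code from the answer's author). It goes one step beyond the answer: the cookie is HMAC-signed so only server-issued ids are counted, and a separate per-IP counter covers requests that arrive without their cookie. The names `checkGuest`, `IP_LIMIT` and the in-memory `Map` store are assumptions for illustration.

```javascript
const crypto = require("crypto");

const FREE_LIMIT = 10;                  // free uses per guest, from the question
const IP_LIMIT = 30;                    // assumed ceiling per IP (shared NAT gets headroom)
const SECRET = crypto.randomBytes(32);  // constructed signing key; load from config in practice

// HMAC over the guest id, so the server only counts ids it issued itself.
function sign(id) {
  return crypto.createHmac("sha256", SECRET).update(id).digest("hex");
}

function issueCookie() {
  const id = crypto.randomUUID();
  return `${id}.${sign(id)}`;
}

// Returns the guest id if the cookie carries a valid signature, else null.
function verifyCookie(cookie) {
  if (typeof cookie !== "string") return null;
  const [id, mac] = cookie.split(".");
  if (!id || !mac) return null;
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(id));
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok ? id : null;
}

// store: Map of key -> visits (stand-in for the database or cache).
// Counts the (ip, cookie) record and the IP alone, so a request that
// arrives without its cookie still counts against the IP ceiling.
function checkGuest(store, ip, cookie) {
  let id = verifyCookie(cookie);
  let setCookie = null;
  if (id === null) {                    // missing or altered cookie: issue a fresh one
    setCookie = issueCookie();
    id = setCookie.split(".")[0];
  }
  const pairKey = `pair:${ip}|${id}`;
  const ipKey = `ip:${ip}`;
  const pairVisits = store.get(pairKey) || 0;
  const ipVisits = store.get(ipKey) || 0;
  if (pairVisits >= FREE_LIMIT || ipVisits >= IP_LIMIT) {
    return { allowed: false, remaining: 0, setCookie };
  }
  store.set(pairKey, pairVisits + 1);
  store.set(ipKey, ipVisits + 1);
  return { allowed: true, remaining: FREE_LIMIT - pairVisits - 1, setCookie };
}
```

When `setCookie` is non-null, the caller sends it back in a `Set-Cookie` header; in production the two counters would live in the database or cache the answer mentions, with an expiry.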