{% extends 'scenario-basic.html' %}
{% block title-text %} Tiredful API: Rate Limit Implementation {% endblock %}
{% block content %}

Challenge: Rate Limit Implementation

This challenge demonstrates a missing rate limit implementation.
Without rate limiting, an attacker can abuse system resources by launching a DoS attack.

The API endpoint is:
POST http://{{ request.get_host }}/api/v1/trains/

POST:
  {
      "PNR": <pnr_number(string)>
  }
  
The following train PNR numbers are available:
{# Message notifications #} {% if pnr_numbers %}
    {% for pnr in pnr_numbers %}
  1. {{ pnr }}
    {% endfor %}
{% endif %}

Aim: Force the server to respond with HTTP response code 429.
{% endblock %}
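The control this challenge is about, as an added example (not Tiredful API's own code): a per-client sliding-window limiter placed in front of the PNR lookup, answering with HTTP 429 and a Retry-After value once the budget is spent. The limit of 5 requests per 60 seconds, the class and handler names, keying on the client IP, and the sample PNR are assumptions made for illustration.

```python
import math
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit=5, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)  # client key -> times of accepted requests

    def check(self, client_key):
        """Return (status, retry_after_seconds) for one incoming request."""
        now = self.clock()
        q = self.hits[client_key]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        if len(q) >= self.limit:
            # Rejected requests are not recorded, so retrying does not extend the block.
            return 429, max(1, math.ceil(self.window - (now - q[0])))
        q.append(now)
        return 200, 0


def handle_pnr_lookup(limiter, client_key, body, known_pnrs):
    """Hypothetical handler for POST /api/v1/trains/: throttle first, then look up."""
    status, retry_after = limiter.check(client_key)
    if status == 429:
        return 429, {"Retry-After": str(retry_after)}, {"detail": "Request was throttled."}
    pnr = body.get("PNR")
    if not isinstance(pnr, str) or pnr not in known_pnrs:
        return 404, {}, {"detail": "PNR not found."}  # invalid requests still used budget
    return 200, {}, {"PNR": pnr}


def demo():
    """Seven requests, one second apart, from one constructed client address."""
    t = [0.0]  # fake clock so the run is deterministic
    limiter = SlidingWindowLimiter(limit=5, window=60.0, clock=lambda: t[0])
    known = {"0000000001"}  # constructed sample PNR
    results = []
    for _ in range(7):
        status, headers, _ = handle_pnr_lookup(
            limiter, "203.0.113.7", {"PNR": "0000000001"}, known)
        results.append((status, headers.get("Retry-After")))
        t[0] += 1.0
    return results


if __name__ == "__main__":
    print(demo())
```

The per-client table here lives in process memory and grows with the number of distinct keys; a deployment with several workers needs a shared store and an eviction policy for idle keys.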