Rate Limiting of REST Order Delivery

[JohnNKing]

Story

As a hospital, so that my orders are delivered successfully to Natus, I need to ensure ReportStream does not exceed their rate limit.

Pre-conditions

• none

Acceptance Criteria

• TBD

Tasks

Engineering

• Engineering work needed to complete the story
• Foundational: Technical runway work to support this and future efforts

Definition of Done

• Documentation tasks completed
  • Documentation and diagrams created or updated
    • Implementation guide (/ig folder)
    • ADRs (/adr folder)
    • Main README.md
    • Other READMEs in the repo
    • If applicable, update the ReportStream Setup section in README.md
  • Threat model updated
  • API documentation updated
• Code quality tasks completed
  • Code refactored for clarity and no design/technical debt
  • Adhere to separation of concerns; code is not tightly coupled, especially to 3rd party dependencies
  • Code is reviewed or developed by pair; 1 approval is needed but consider requiring an outside-the-pair reviewer
  • Code quality checks passed
• Security & Privacy tasks completed
  • Security & privacy gates passed
• Testing tasks completed
  • Load tests passed
  • Unit test coverage of our code >= 90%
• Build & Deploy tasks completed
  • Build process updated
  • API(s) are versioned
  • Feature toggles created and/or deleted. Document the feature toggle
  • Source code is merged to the main branch

Research Questions

• Optional: Any initial questions for research

Decisions

• Optional: Any decisions we've made while working on this story

Notes

• Optional: Any reference material or thoughts we may need for later reference

[JohnNKing]

For added context, from the LA Service Blueprint:

Natus rate limiting: denied if...
IP whitelisted (already done)

• 20 calls by name (by path; for any path) per 90 sec; then 401 returned; goes away if you wait a while
• 10 call in 60 sec per IP for a single path

Option to adjust if we need to
^ May want tuning this to be an alternative option to complete this story

[scleary1cs]

@JohnNKing above bullet:

• 20 calls by name (by path; for any path) per 90 sec; then 401 returned; goes away if you wait a while

Any context for what "wait a while" means?

[scleary1cs]

Technical and Partner research card.

[scleary1cs]

Include in below spike:

What happens if we exceed the rate limit?
Do we just get errors back, do we get locked out, does it break things at Natus?

[scleary1cs]

Spike will need to be created to define requirements for this story.

• Use existing configuration tactics (batching, timing, retries with backoff)?
• Push back on Natus?
• Actually implementing a rate limiting system (this would most like be in RS or between RS and final destination) - this option is not preferred

[scleary1cs]

Blocked until #1552 is complete.

[JohnNKing]

Moving out of Sprint Backlog for Stream 2 pending this being unblocked.

[JohnNKing]

@JohnNKing above bullet:

• 20 calls by name (by path; for any path) per 90 sec; then 401 returned; goes away if you wait a while

Any context for what "wait a while" means?

@scleary1cs I don't believe they provided more specifics regarding the timeframe for unblocking an IP address -- just assurances that it wasn't a permanent block.