Functions abuse prevention

I’m relatively new to functions and Netlify, and wondering about abuse prevention - namely, limiting requests to my Netlify functions so that malicious actors aren’t able to hit my endpoints at an extremely high rate and raise my costs. In a more traditional server environment, I might expect to be able to rate-limit based on IP, like using HAProxy stick tables. I’m not sure how to go about doing something similar in the Netlify functions / Lambda context, or if there’s another approach people tend to use to prevent abuse.

Further context on my use case: I’ve got a Netlify site with a React frontend, and functions API endpoints that write to a FaunaDB database. In my ideal world, I’d probably limit those API endpoints to fulfill requests from my React app only, but that seems difficult given the React app’s client-side context (i.e. there doesn’t seem to be anywhere to use secrets that would be completely obscured from a client and prevent retrieval by a user). Implementing some form of rate-limiting seems like a reasonable alternative, or first step.
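As an added illustration of the IP-keyed limiting the question asks about (this is example code written for this page, not code from the thread, from Netlify, or from FaunaDB): a fixed-window counter per client address, wired into a Lambda-style Netlify Function handler. The one-minute window and 30-request cap are assumed policy values; the `x-nf-client-connection-ip` header is the one Netlify's edge sets for functions, with `x-forwarded-for` used only as a fallback; and the in-memory `Map` store is a stand-in for the shared store a real deployment would need.

```javascript
// Added example, not from the original thread: per-IP fixed-window rate
// limiting inside a Netlify Function. Window size and cap are assumed values.

const WINDOW_MS = 60 * 1000; // one-minute window (assumed policy)
const MAX_REQUESTS = 30;     // requests per IP per window (assumed policy)

// Counter store. The Map is a stand-in only: each function instance has its
// own memory and is discarded when idle, so in production this would be backed
// by a shared store (Redis, or the FaunaDB database the site already uses).
function createMemoryStore() {
  const counters = new Map();
  return {
    get: (key) => counters.get(key),
    set: (key, value) => counters.set(key, value),
  };
}

// Fixed-window check: the first hit in a window resets the counter; hits past
// `max` are refused along with the seconds left until the window rolls over.
function checkRateLimit(store, key, now, { windowMs = WINDOW_MS, max = MAX_REQUESTS } = {}) {
  const entry = store.get(key);
  if (!entry || now - entry.windowStart >= windowMs) {
    store.set(key, { count: 1, windowStart: now });
    return { allowed: true, remaining: max - 1, retryAfterSec: 0 };
  }
  if (entry.count >= max) {
    return {
      allowed: false,
      remaining: 0,
      retryAfterSec: Math.ceil((entry.windowStart + windowMs - now) / 1000),
    };
  }
  entry.count += 1;
  store.set(key, entry);
  return { allowed: true, remaining: max - entry.count, retryAfterSec: 0 };
}

// Client address as Netlify's edge presents it (x-nf-client-connection-ip).
// x-forwarded-for is a last resort: anything in front of the function can
// append to it, so only its first hop is taken, and it should only be trusted
// where the platform is known to set it.
function clientIp(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers || {})) lower[k.toLowerCase()] = v;
  const ip = lower['x-nf-client-connection-ip']
    || (lower['x-forwarded-for'] || '').split(',')[0].trim();
  return ip || 'unknown';
}

const store = createMemoryStore();

// Netlify Function handler: Lambda-style event in, { statusCode, headers, body } out.
// `deps` exists so the store and clock can be swapped out (e.g. in tests).
async function handler(event, _context, deps = { store, now: Date.now }) {
  const verdict = checkRateLimit(deps.store, clientIp(event.headers), deps.now());
  if (!verdict.allowed) {
    return {
      statusCode: 429,
      headers: { 'Retry-After': String(verdict.retryAfterSec), 'X-RateLimit-Remaining': '0' },
      body: JSON.stringify({ error: 'rate limit exceeded' }),
    };
  }
  // The expensive work (e.g. the FaunaDB write) only happens past this point.
  return {
    statusCode: 200,
    headers: { 'X-RateLimit-Remaining': String(verdict.remaining) },
    body: JSON.stringify({ ok: true }),
  };
}

// Netlify loads a CommonJS function by its exported `handler`.
if (typeof module !== 'undefined') {
  module.exports = { handler, checkRateLimit, clientIp, createMemoryStore, WINDOW_MS, MAX_REQUESTS };
}
```

Two caveats worth keeping in mind with this shape. First, the function is still invoked for every request it rejects, so a limiter inside the function protects the downstream work (the database writes) and its cost, not the invocation count itself; capping invocations needs a control in front of the function, at the CDN or WAF layer. Second, a per-instance counter is trivially bypassed by whatever spreads requests across instances, which is why the store has to be shared before the limit means anything.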

Hey @nkanderson - good questions, and I’m glad you are checking in about this.

We’ve discussed this before in these forums (not specific to functions calls, but I think the same philosophy applies).

Take a look at this thread: