Quiz Entry - updated: 2026.06.20
What is API4 Unrestricted Resource Consumption?
Without rate limits or size caps, a client can exhaust the API's resources — flooding it for a denial of service, or running up a huge cloud bill in pay-per-use environments.
Example: an endpoint that resizes uploaded images has no limit on file size or request rate. An attacker scripts thousands of uploads of 50 MB images; the server's CPU and memory are pinned resizing them (DoS), and if it auto-scales, the owner gets a four-figure cloud bill overnight. The risk is specifically resource exhaustion (CPU, memory, bandwidth, money), which is why the countermeasures are quotas, rate limits, max payload sizes, and spending alerts.
Issues:
- DoS attacks - overwhelming the API
- Unnecessary costs - especially in cloud/pay-per-use environments
Countermeasures:
- Define limits (rate limiting, quotas)
- Enforce maximum data size for requests/responses
- Scale where needed but within budget
- Validate input to prevent resource-intensive operations
- Spending limits/alerts for cloud resources