So let me start this by thanking so many people for using Lemmios! But more people does come with some issues, I currently have 126 users on lemmy.world that have notifications enabled, which means enough requests that I am starting to hit their rate limits and a solution needs to be found. I have identified a few options:
- Start requiring a cost for notifications in order to limit users (instructions to self-host server for no cost will be available)
- Make notifications have a significant delay (definitely don't want this)
- Offer to lemmy.world devs to pay for a higher rate limit just for the Lemmios servers (definitely ideal but Lemmios hasn't made any money yet and I'm a highschooler with very limited funds lol, I'll drop a donation link just in case anyone is feeling insanely generous)
What does everyone here think is the best option?
How do notifications currently work? Does your server poll lemmy.world ever x amount of time?
Yeah exactly, currently the only option is polling and through some talking to them I decided current period per user is around 2 minutes
I have 0 knowledge about the Lemmy API, but doesn’t it support something like a web hook?
No, you might be thinking of the websockets that used to be supported but the API was overhauled since it was too taxing and the websocket endpoints have been removed
How does the memmy backend solves this issue?
Anyway I don’t like the idea of a 3rd party pns as long as there is no oAuth (or something similar) in place, I guess your backend has to store the users credentials or security tokens?
I don’t believe that Memmy has a solution, last I checked they just don’t support notifications on Lemmy.world cause they had about 2x the requests of the next highest api user and their IP got banned. (Details might be foggy I talked to Rudd like a week ago about this)
And yes I agree that oauth is definitely the solution, however for now at least with open source apps (and backends) it is possible to make sure that only the auth token (never passwords) is sent and that the backend only uses it for the right reasons. It is also important to mention that even with oauth the app would have to send the auth token to the backend (Apollo for Reddit did this for context).