Cloudflare Worker Unexpected High Usage of API Requests – How to Avoid Surprising Billing? | ninjasquad
I was a bit surprised to see the billing spikes this month for CloudFlare Worker. As one of the “Free” API has a huge number of requests.
Everything comes at a price. The CloudFlare worker has the following pricing plans:
I contacted the CloudFlare’s Technical/Billing Team, and they provide me the details of Usage:
And they added:
Workers Usage Review
We have reviewed your account records as well as the respective Workers charges linked to the usage period of 07/25/2022 – 08/24/2022.
When doing so, we are pulling the data for the usage period in a different system from the one that was used to collect data for invoice CFUSA5139857, which was issued on August 25th, 2022. We then pull the data and compare against the one on your invoice.
We consider what you have been invoiced correctly if:
The second data set shows the same usage amount as the data set you were invoiced for,
The second data set shows a usage amount that is slightly above the usage amount in the data set you were invoiced for,
The second data set shows a usage amount that is slightly below the usage amount in the data set you were invoiced for.
We consider that you have been invoiced incorrectly if:
The second data set shows a usage amount that is a lot or more than just slightly above the usage amount in the data set you were invoiced for;
The second data set shows a usage amount that is a lot or more than just slightly below the usage amount in the data set you were invoiced for.
The second data set shows the exact usage amount as the data set your invoice is based on.
Invoiced Usage Amount:106,342,195
Invoiced Usage Charge:$48.00
Second Data Set Usage Amount:106,342,195
Second Date Set Usage Charge:$48.00
Then after an investigation – we can find out the number of requests and subsequent requests for the last 30 days for each worker, I have to disable the “Free-tier” of one of my API.
I even renamed the API so that no more surprise.
Avoid Billing Surprise of CloudFlare Worker
Unfortunately, CloudFlare does not provide a Usage Cap on Paid Worker Plan, but here are things we can do to avoid a billing surprise:
- Require Authentication e.g. Bearer Token, for your CloudFlare Worker
- Rate Limit Your CloudFlare Worker
- Disallow the Bots Access
- set up billing usage notification email to report when the number of requests exceeds a threshold.
- downgrade to Free Tier for free APIs. Free Tiers have a daily 100K requests and won’t charge you if there is a spike. The APIs will get status code 1000+ to reflect the rate limited.
- avoid exposing the API endpoint unless you have to (providing public APIs)
On the free tier, if the limit is exceeded, we can let the requests fall through to an origin, if one, or block the requests, and not get billed.
Here are the spikes in those two days:
The Cloudflare Worker is not rate limited except as DDos Protection. And No matter what returns (even non success status code 404, 401) from the Worker, it is still counted as a request. However, we can Add Route in the Trigger tab of a Worker, and Bind it to a Domain, and then Configure Firewall Rules or Enable Bot Flight Mode to avoid Bots Crawling the Cloudflare Worker(s).
Also, we can configure the Bots in Google’s Webmaster or Bings’ Webmaster to slow down the access rate of their crawler.
–EOF (The Ultimate Computing & Technology Blog) —
GD Star Rating
Last Post: Teaching Kids Programming – Reduce Array Size to The Half via Counting (Greedy, Hash Table)
Next Post: Teaching Kids Programming – Number of Zero-Filled Subarrays (GroupBy Algorithm + Math Counting)