A Chinese Language Teacher's API Security Check (3): Pressure and Compatibility, Can You Withstand It?
Source: Dev.to
Introduction
Hello everyone, I’m @xiaoqiangapi, a former Chinese teacher who now runs a Chinese large‑model API relay service. In this third installment I’m not trying to attack the API but to test its resilience – can it handle a sudden wave of requests or extremely long inputs?
The tools remain the same: Postman and Windows’ built‑in curl. This is an honest test conducted by a non‑security expert.
Test 1 – Rate‑Limiting Behaviour
Purpose: Verify whether the API returns HTTP 429 (Too Many Requests) when bombarded with rapid consecutive calls.
Result: Multiple consecutive requests were sent; the server responded normally each time and did not return a 429 status code.
- Assessment: Half‑pass. The platform is protected, but the API layer does not explicitly signal rate limiting, so a client sending frequent malicious requests sees no visible sign that a limit applies. (0.5 points)
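What an explicit rate-limit signal looks like from the client side, as an added example that is not part of the original post: a local stub server (hypothetical `StubAPI`, with an assumed fixed-window policy of `LIMIT` requests per `WINDOW` seconds per client IP) answers with 429 and `Retry-After`, and `probe` sends back-to-back requests to it and tallies the status codes. All names and policy values are assumptions, and the probe talks only to the stub on 127.0.0.1.

```python
import http.client, math, threading, time
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
LIMIT, WINDOW = 5, 60  # assumed policy: 5 requests per 60 s per client IP

class StubAPI(BaseHTTPRequestHandler):
    hits = {}  # client IP -> (window start, request count)
    def do_GET(self):
        ip, now = self.client_address[0], time.monotonic()
        start, count = self.hits.get(ip, (now, 0))
        if now - start >= WINDOW:          # window expired: start a new one
            start, count = now, 0
        self.hits[ip] = (start, count + 1)
        limited = count + 1 > LIMIT
        self.send_response(429 if limited else 200)
        if limited:                        # tell the client when to come back
            self.send_header("Retry-After", str(math.ceil(WINDOW - (now - start))))
        body = b'{"error":"rate_limited"}' if limited else b'{"ok":true}'
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):          # keep the demo output quiet
        pass

def probe(host, port, n):
    """Send n back-to-back GETs; return (status counts, first Retry-After seen)."""
    statuses, retry_after = Counter(), None
    for _ in range(n):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        statuses[resp.status] += 1
        if resp.status == 429 and retry_after is None:
            retry_after = resp.getheader("Retry-After")
        conn.close()
    return statuses, retry_after

def run_demo(n=12):
    StubAPI.hits = {}                      # fresh counters for each run
    server = ThreadingHTTPServer(("127.0.0.1", 0), StubAPI)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port, n)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

A result with only 200s, as in Test 1, means either no limit was reached or the limit is enforced somewhere that does not surface a 429 to the client.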
Test 2 – Extremely Long Input
Purpose: Send a request containing several thousand repetitive characters to see if the service becomes overwhelmed or crashes.
Result: The API handled the oversized payload without error.
- Assessment: Pass.
Test 3 – Multilingual & Special‑Character Compatibility
Purpose: Mix Korean text, emojis, and other special characters into the request to check for garbling or crashes.
Result: The request included Korean characters and emojis (😊🎵). The API returned 200 OK, and the model responded normally with no garbled output.
- Assessment: Pass – multilingual and special‑character support confirmed.
Summary of “Pressure and Compatibility” Tests
| Test | Outcome |
|---|---|
| Rate‑limiting behaviour | Half‑pass |
| Extremely long input | Pass |
| Multilingual & special characters | Pass |
Overall, the API’s resilience is decent; it can withstand normal usage by ordinary developers.
Final Test – HTTPS/TLS Transport Encryption
The next step will be to evaluate the API’s transport‑layer security (HTTPS/TLS). After that, I will publish the full score sheet for the ten security tests in this series, which currently stands at 9.5 points from a layperson’s perspective.
Call for Feedback
If you have suggestions for additional testing methods or want me to try something else, please leave a comment. I’m not a security expert, so I appreciate any sharp eyes that can help improve the assessment.
Interactive Question
Have you ever been tormented by API rate limiting?
Or have you experienced an API crash because of special characters?
Share your story in the comments!