I’m working with an application (https://github.com/obahareth/has-my-gsuite-been-pwned) that uses a library (techgaun/ex_pwned) to check if a user account has been compromised.
Part of the “Have I Been Pwned” API is a rate limitation. If a rate limit is in effect, a “Retry-After” field will be sent back in the response header. Currently, when this is returned, the library errors out.
I’m not fully versed in the “let it crash” philosophy, so I’m struggling with where the logic needs to sit to handle waiting and retrying the request. The pro of having it at the application level is that the library will be more transparent about what is actually happening. The pro of having it at the library level is a more simplified application.
Recommendations?
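
An added example, not part of the original post and not ex_pwned's own code: a small wrapper that waits for the advertised "Retry-After" interval and retries a bounded number of times, which could sit at either level. The module name, the `{:rate_limited, headers}` return shape and the fake check function are assumptions made for illustration, and the header value is assumed to be whole seconds.

```elixir
defmodule RetryAfterExample do
  @moduledoc "Added example: bounded retry for calls that report a Retry-After header."

  @default_wait_s 2
  # Cap the wait so a server-supplied value cannot stall the caller indefinitely.
  @max_wait_s 30

  # `fun` is a hypothetical zero-arity wrapper around the library call, assumed to
  # return {:ok, result}, {:rate_limited, headers} or {:error, reason}.
  def with_retry(fun, attempts \\ 3, sleep \\ &Process.sleep/1)

  def with_retry(_fun, 0, _sleep), do: {:error, :rate_limit_retries_exhausted}

  def with_retry(fun, attempts, sleep) when attempts > 0 do
    case fun.() do
      {:rate_limited, headers} ->
        sleep.(wait_seconds(headers) * 1000)
        with_retry(fun, attempts - 1, sleep)

      other ->
        # Success and every other error are passed through untouched.
        other
    end
  end

  # Header names are case-insensitive; a missing or malformed value uses the default.
  def wait_seconds(headers) do
    raw =
      Enum.find_value(headers, fn {name, v} ->
        if String.downcase(to_string(name)) == "retry-after", do: to_string(v)
      end)

    case raw && Integer.parse(String.trim(raw)) do
      {seconds, ""} when seconds >= 0 -> min(seconds, @max_wait_s)
      _ -> @default_wait_s
    end
  end
end

# Constructed demo: the first call is rate limited, the second succeeds.
{:ok, calls} = Agent.start_link(fn -> 0 end)

fake_check = fn ->
  case Agent.get_and_update(calls, &{&1, &1 + 1}) do
    0 -> {:rate_limited, [{"Retry-After", "2"}]}
    _ -> {:ok, :not_pwned}
  end
end

IO.inspect(RetryAfterExample.with_retry(fake_check, 3, fn ms -> IO.puts("waiting #{ms} ms") end))
```

Unexpected failures still surface unchanged to the caller, so a supervisor can handle them in the usual "let it crash" way, while the expected rate-limit response is handled explicitly.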