Will Trapp

Limit Request On Public API: Video Upload Form

Hey all,

I have an idea to let my clients collect video testimonials from their users. I will build a unique but public video record and upload link/page for each one of my clients. Their users will record a video, then click upload on the page.

My question is how do I protect against abuse such as a user uploading 100s of videos and running up my storage fees? Should I grab the IP of each user uploading then save that to my db, and check it before each upload? Cookies? Local storage?

Thanks!

Top comments (4)

Brandin Chiu

If your API is authenticated, you could enforce verification and/or other security protocols to limit who can actually upload videos.

A potential monetization strategy for your business could be to limit the number of testimonials to a fixed number based on pricing tier.

FREE: up to 10
10.00: up to 50
Etc

Is it essential that the videos are hosted by your service? You could instead allow them to upload a URL and require them to host it themselves on Vimeo or YouTube for example.

Will Trapp

Thanks Brandin. We don't want to make users recording a testimonial log in, so no auth options. Pricing is a good thought; will think more about it. Yes, we need to host the videos on our side, but that's good thinking too.

You made me think about auth: what if our upload link made you type in your email or cell number and we then text or email you a unique and private upload link? That might be a good middle ground.
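
The emailed or texted private upload link proposed above, sketched as an added example that is not part of the original thread: each link carries an HMAC-signed, expiring, single-use token, and each contact can only request a few links per client. The function names, the in-memory stores, the 15-minute lifetime and the quota of 3 are all assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # signing key; assumed to live in server config
LINK_TTL = 15 * 60                # link lifetime in seconds (constructed value)
MAX_LINKS_PER_CONTACT = 3         # links per email/phone per client (constructed)

issued = {}       # (client_id, contact_hash) -> links sent; a DB table in practice
redeemed = set()  # nonces already spent on an upload; a DB table in practice

def _sign(payload):
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")

def issue_upload_token(client_id, contact, now=None):
    """Token for the emailed/texted link, or None once the contact is over quota.
    Assumes client_id contains no '.' characters."""
    now = time.time() if now is None else now
    contact_hash = hashlib.sha256(contact.strip().lower().encode()).hexdigest()[:16]
    key = (client_id, contact_hash)
    if issued.get(key, 0) >= MAX_LINKS_PER_CONTACT:
        return None
    issued[key] = issued.get(key, 0) + 1
    nonce = secrets.token_urlsafe(12)
    payload = f"{client_id}.{contact_hash}.{int(now) + LINK_TTL}.{nonce}"
    return payload + "." + _sign(payload).decode()

def redeem_upload_token(token, now=None):
    """Client id the upload is billed to, or None if the link is rejected."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition(".")
    # Constant-time comparison on bytes; rejects forged or edited links.
    if not payload or not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    parts = payload.split(".")
    if len(parts) != 4:
        return None
    client_id, _contact, expires, nonce = parts
    if now > int(expires) or nonce in redeemed:
        return None  # expired, or already used for one upload
    redeemed.add(nonce)
    return client_id
```

The upload endpoint would call `redeem_upload_token` before accepting any bytes, so a rejected link costs no storage.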

Brandin Chiu

Any solution without authentication of some kind is going to be rife with abuse.

I would strongly consider some mechanism for authentication or identification. It doesn't necessarily need to be a login form.

How do you currently identify who your clients are?

Will Trapp

Clients have to be authenticated, but their users (who they collect testimonials from) don't have to log in to record a testimonial.

I'm with you on no auth will be rife with abuse. Trying to think of ways around it.