In our application we are opening up the rest services for external use for a number of different developers to program against. We are allowing users to hit the Entity services as well as pre-built API queries. What I don’t want to have happen is for some developer to bring the system to its knees by arbitrarily selecting EVERYTHING from a table. Is there a way to limit the number of objects that get returned per request, or somehow require that they use the limit parameter and validate that it doesn’t go higher than a number e.g. 500? This sounds like it would be a core setting somewhere but I haven’t been able to find it.
Thanks.