There are three rate-limit policies:
-
Quota: configures the number of requests allowed over a period of time (hours, days, weeks, months)
-
Rate-Limit: configures the number of requests allowed over a limited period of time (seconds, minutes)
-
Spike-Arrest: throttles the number of requests processed and sends them to the backend to avoid a spike
You can configure the policies with the following options:
The Quota policy configures the number of requests allowed over a large period of time (from hours to months). This policy does not prevent request spikes.
| Property | Required | Description | Type | Default |
|---|---|---|---|---|
key |
No |
Key to identify a consumer to apply the quota against. Leave it empty to apply the default behavior (plan/subscription pair). Supports Expression Language. |
String |
null |
limit |
No |
Static limit on the number of requests that can be sent (this limit is used if the value > 0). |
integer |
0 |
dynamicLimit |
No |
Dynamic limit on the number of requests that can be sent (this limit is used if static limit = 0). The dynamic value is based on Expression Language expressions. |
string |
null |
periodTime |
Yes |
Time duration |
Integer |
1 |
periodTimeUnit |
Yes |
Time unit ( |
String |
MONTHS |
The Rate-Limit policy configures the number of requests allow over a limited period of time (from seconds to minutes). This policy does not prevent request spikes.
| Property | Required | Description | Type | Default |
|---|---|---|---|---|
key |
No |
Key to identify a consumer to apply rate-limiting against. Leave it empty to use the default behavior (plan/subscription pair). Supports Expression Language. |
String |
null |
limit |
No |
Static limit on the number of requests that can be sent (this limit is used if the value > 0). |
integer |
0 |
dynamicLimit |
No |
Dynamic limit on the number of requests that can be sent (this limit is used if static limit = 0). The dynamic value is based on Expression Language expressions. |
string |
null |
periodTime |
Yes |
Time duration |
Integer |
1 |
periodTimeUnit |
Yes |
Time unit ("SECONDS", "MINUTES" ) |
String |
SECONDS |
The Spike-Arrest policy configures the number of requests allow over a limited period of time (from seconds to minutes). This policy prevents request spikes by throttling incoming requests. For example, a SpikeArrest policy configured to 2000 requests/second will limit the execution of simultaneous requests to 200 requests per 100ms.
By default, the SpikeArrest policy is applied to a plan, not a consumer. To apply a spike arrest to a consumer, you need to use the key attribute, which supports Expression Language.
| Property | Required | Description | Type | Default |
|---|---|---|---|---|
key |
No |
Key to identify a consumer to apply spike arresting against. Leave it empty to use the default behavior. Supports Expression Language (example: |
String |
null |
limit |
No |
Static limit on the number of requests that can be sent (this limit is used if the value > 0). |
integer |
0 |
dynamicLimit |
No |
Dynamic limit on the number of requests that can be sent (this limit is used if static limit = 0). The dynamic value is based on Expression Language expressions. |
string |
null |
periodTime |
Yes |
Time duration |
Integer |
1 |
periodTimeUnit |
Yes |
Time unit ( |
String |
SECONDS |
You can use the response template feature to override the default response provided by the policies. These templates must be defined at the API level (see the API Console Response Templates option in the API Proxy menu).
The error keys sent by these policies are as follows:
| Key | Parameters |
|---|---|
RATE_LIMIT_TOO_MANY_REQUESTS |
limit - period_time - period_unit |
QUOTA_TOO_MANY_REQUESTS |
limit - period_time - period_unit |
SPIKE_ARREST_TOO_MANY_REQUESTS |
limit - period_time - period_unit - slice_limit - slice_period_time - slice_limit_period_unit |