Manual Chapter : Adding API Rate Limiting to a per-request policy
Applies To:Show Versions
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Adding API Rate Limiting to a per-request policy
Because the API Rate Limiting agent enforces rate limiting configurations developed in an API protection profile, you need to have created the profile, and it must include at least one rate limiting configuration, and any responses you want to use.
When you create an API protection profile, the system automatically develops a per-request policy based on the settings you provided. You can edit the per-request policy to add an API Rate Limiting agent at specific points to enforce rate limiting, spike control, whitelists, and blacklists for each API request.
- On the Main tab, click.
- In the Per-Request Policy column of the API protection profile, clickEdit.The visual policy editor opens the per-request policy in a separate screen.
- On a policy branch, in the location where you want to enforce rate limiting, click+.For example, if the policy includesClassify API Request (RCA), the Request Classification Agent, you may want to apply different levels of rate limiting to different classes of requests and would click the+after that agent.The API Rate Limiting agent has to be located in the main policy branch (or macro) and never in a subroutine.A popup screen displays actions on tabs and provides a search field.
- On the Traffic Management tab, selectAPI Rate Limiting, then clickAdd Item.The API Rate Limiting agent opens.
- ForName, use the default name for the action that appears in the API protection per-request policy (API Rate Limiting, by default).
- ForEnforce BlacklistandEnforce Whitelist, selectEnabledorDisabled.In the agent, blacklists are enabled by default. Whitelists are disabled.If enabled, requests identified in the blacklist are sent to the fallback branch and trigger the selected response.
- To optionally specify aResponse, select one of the responses that were previously developed on the Responses tab of the API protection profile.
- Add at least one Rate Limiting Configuration:
- ClickAdd New Entry.
- From theRate Liming Configurationlist, select a configuration previously developed on the Rate Limiting tab of the API protection profile.
- To assign a weight to API requests identified by this rate limiting configuration, type a number (greater than 0 and less than the quota and spike limit). By default, the weight of every request is 1.If assigning more than one rate limiting configuration, you can assign a higher weight to one of them, for example, so you can control the amount of support provided to different applications.
- To add more configurations, repeat the previous steps. At that point, you can use the arrows on the right to order the configurations for use in the per-request policy.
- By default, a successful and fallback branch is created. You can adjust the branching, if needed.
- At the bottom of the screen, clickSave.
An API Rate Limiting agent is created in the per-request policy, and it will limit the number of requests to the API server protected by this policy. Results of rate limiting are set in the
Refer to the rate limiting use cases for examples of how you can apply rate limiting to each request in a per-request policy.