Manual Chapter :
Overview: Rate limiting API requests
Applies To:
Show VersionsBIG-IP APM
- 16.0.0
Overview: Rate limiting API requests
At the same time you are configuring APM as an API protection proxy, you can
also establish quotas and spike arrest limits to maintain API traffic so that it stays within the
limits of the capacity of the applications and backend API servers. This way, you can control API
traffic loads based on system requirements.
In the API Protection profile, you can enforce rate limiting in the
following ways:
- Configure and enforce quota limits for API calls using configurable settings such as Client ID, User Group, Client IP address, User Name, multiple values (like User Group and User Name), or a perflow variable name.
- Control traffic spikes by limiting the number of API requests over shorter intervals.
- Create a whitelist or blacklist to allow or reject requests identified by key and key values.
- Generate responses when quota, spike, or blacklist enforcement rejects API requests.
This section describes how to manually configure rate limiting within an
existing API protection profile that is associated with a virtual server. For details on creating
API protection profiles, refer to
Protecting APIs with Access Policy
Manager
. For a simpler, automated setup procedure, you can instead follow the steps in
the API Protection
template using
.