Manual Chapter : Creating a rate limiting configuration
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Creating a rate limiting configuration
You develop rate limiting configurations within an API protection profile so you need to have created a profile, and specified keys with key values to classify requests.
To be able to configure multiple usage plans for different user and client groups, you can create rate limiting configurations to assign quotas and spike arrest limits based on identity keys. You can enforce the configurations for the whole API protection profile or for each method or path. To do this, you associate one or more rate limiting configurations with an API Rate Limiting agent in the API protection per-request policy.
- On the Main tab, click.
- Click the name of the API protection profile for which you are configuring rate limiting.
- On the Rate Limiting tab, in the Rate Limiting section, clickCreate.The Rate Limiting Properties section opens where you define the rate limiting configuration.
- ForName, type a unique name for the rate limiting configuration.For example, you could name the configurationsPersonalQuotaandDepartmentQuotato establish different quotas for each employee and an entire department.
- ForKeys, move the key (or keys) to which this configuration applies to theSelected Keyslist.
- ForRequest Quota, selectEnableand type the number of requests to allow for 1 - 60 minutes (default is 1 minute) for this API protection profile.In the per-request policy, requests over the quota are sent to the fallback branch.
- ForSpike Arrest, selectEnableand type the number of requests to allow for 1 - 60 seconds (default is 10 seconds) for this API protection profile.In the per-request policy, requests over the spike arrest limit are sent to the fallback branch.
- When you are done developing rating limiting configurations, at the bottom of the screen, clickSave.
You have established quotas and spike arrest limits in a rate limiting configuration that can be assigned to an API Rate Limiting agent created in an API protection per-request policy.
Next, you can create blacklists and whitelists to allow or deny certain API requests.