Then my guess is that you have not correctly configured the security requirements on your API.
It needs to have client ID security as a minimum on all operations - check you havent accidentally added an empty security requirement in your API meaning no security is required.
If you do that then rate limits will not be enforced since they only apply when security is being enforced.
------------------------------
Chris Dudley
------------------------------
Original Message:
Sent: Mon May 13, 2024 05:53 AM
From: Rajeev Puri
Subject: Rate limit not working
what if we have added hard limits to but getting unlimited hits for apic.
------------------------------
Rajeev Puri
Original Message:
Sent: Fri May 10, 2024 11:27 AM
From: Chris Dudley
Subject: Rate limit not working
Did you make the rate limit a "hard limit" ?
The default for rate limits is a soft limit, which means that extra requests will be handled but they will be tracked. If you were doing some kind of billing then you could charge overage.
If you use hard limits then once you exceed the rate limit you will get a 429 response instead.
Different APIs call for different approaches so both are possible and it is up to you to decide what best fits your needs.
------------------------------
Chris Dudley
Original Message:
Sent: Fri May 10, 2024 08:38 AM
From: Suraj Sakpal
Subject: Rate limit not working
Hi Team,
We attempted to make 5 API hits per minute using our product's rate limit, but the limit was not being enforced and we were able to make more hits than allowed by our plan for all APIs.Currently, we have developed a single API and product for testing purposes. We have set a rate limit of 5 hits per minute, but we are still able to exceed that limit by calling the API multiple times. Can you please help us how we can configure the same on datapower level if possible for particular one api only?
------------------------------
Suraj Sakpal
------------------------------