Rate Limiting is a mechanism to control the number of requests that can be made to an API within a certain time period. This can be used to prevent abuse, ensure fair usage, and protect the API from being overwhelmed by too many requests.
Setting rate limits enables you to manage the network traffic for your APIs and for specific operations within your APIs.
In API Connect, we can configure rate limiting on APIs and Plans to manage network traffic and API usage. API Connect provides a Rate Limit policy that applies one or more rate, burst, or count limits at any point in the API assembly flow.
There are cases where we need to apply a rate limit based on parameters that are not defined in the rate limit scheme, such as a username, incoming IP address, or server name. To achieve that, we specify a dynamic value string for the rate limit, which contains one or more context variables. The context variable can be set in a GatewayScript action or with a Set Variable policy and then included in the dynamic value.
Example use case: an API consumer is subscribed through an App, and that App is used by multiple partners. We need to apply the rate limit individually for each partner, based on the partnerId received in a request header.
In this case, we create an assembly rate limit within the Plan subscribed to the Product containing the API, with a dynamic value string pointing to partnerId from the request headers.
(Make sure the dynamic value string follows this syntax: $(context variable).)

Then, in the API assembly, use the Rate Limit policy with Source set to plan-named and provide the name of the corresponding rate limit created within the Plan.

With the above configuration, the rate limit is applied based on the individual partnerId values received in the request header.
The screenshots below show the rate limit being reached for partnerId 1234, which returns HTTP 429, whereas a test with a different partnerId, 9876, had the same rate limit applied to it individually.
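The per-partner behaviour described above can be modelled outside the gateway. The following is an added example, not API Connect code or its implementation: a simplified fixed-window limiter that keeps one counter per resolved dynamic value. The variable name `request.headers.partnerId`, the limit of 3 per minute, and the class and function names are assumptions made for illustration.

```javascript
// Added illustration: simplified model of a rate limit keyed by a dynamic value string.
// Not API Connect's implementation; limit, window and all names are assumptions.

// Resolve "$(variable.name)" references against a flat context map.
function resolveDynamicValue(template, context) {
  return template.replace(/\$\(([^)]+)\)/g, (_, name) => {
    const value = context[name.trim()];
    return value === undefined || value === null ? "" : String(value);
  });
}

// Fixed-window limiter holding one counter per resolved key.
class KeyedRateLimiter {
  constructor(limit, windowMs, dynamicValue) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.dynamicValue = dynamicValue;
    this.buckets = new Map(); // key -> { windowStart, count }
  }

  // Returns the HTTP status the caller would see: 200 or 429.
  handle(context, nowMs) {
    const key = resolveDynamicValue(this.dynamicValue, context);
    let bucket = this.buckets.get(key);
    if (!bucket || nowMs - bucket.windowStart >= this.windowMs) {
      bucket = { windowStart: nowMs, count: 0 };
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= this.limit) return 429;
    bucket.count += 1;
    return 200;
  }
}

// Constructed sample traffic: 3 requests per minute, keyed on the partnerId header.
function demo() {
  const limiter = new KeyedRateLimiter(3, 60000, "$(request.headers.partnerId)");
  const send = (partnerId, t) =>
    limiter.handle(partnerId === null ? {} : { "request.headers.partnerId": partnerId }, t);
  return {
    partner1234: [0, 1, 2, 3].map((t) => send("1234", t)),
    partner9876: [4, 5].map((t) => send("9876", t)),
    noHeader: [6, 7, 8, 9].map((t) => send(null, t)),
    partner1234NextWindow: send("1234", 60000),
  };
}

console.log(demo());
```

In this model, requests that arrive without the header resolve to an empty key and share a single counter, so it is worth confirming how the gateway treats a missing partnerId and validating the header before the Rate Limit policy runs.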

