Please make sure the API Security Policy
requires Client ID. The Client ID locks the subscription to a Plan (therefore, Rate limit). If there are multiple plans for the product, make sure the Client ID subscribes to only one plan.
------------------------------
Ravi Ramnarayan
Technical Account Manager - Expertise Connect
IBM
------------------------------
Original Message:
Sent: Tue August 02, 2022 03:47 AM
From: Mohammad Al-Haddad
Subject: Using Client Security and Ratelimit Policy in the same flow
lets say the api is under product which has plan that is rate limited to 10 call per hour which subscribed to client A
Client A call the api, when he call the api it doesn't know who is the caller, until it goes in client-security policy which check the client id. then i need to apply rate limit.
what i tested is it take the rate limit of collection not the product plan the api published under it.
------------------------------
Mohammad Al-Haddad
Original Message:
Sent: Tue August 02, 2022 03:27 AM
From: Rosh
Subject: Using Client Security and Ratelimit Policy in the same flow
Hi,
I'm not too sure I understand the question correctly.
You can control who subscribes to an API through the Product. This can be taken further with the use of "Groups/Communities" which restricts access to only those members who are part of you the Group or Community. Rate limits can be set for all APIs under the product or they can be set specifically per API. The configuration for both methods is done on the API Product.
------------------------------
Rosh
Original Message:
Sent: Mon August 01, 2022 08:38 AM
From: Mohammad Al-Haddad
Subject: Using Client Security and Ratelimit Policy in the same flow
Hello, Anyone is able to use Client Security and Ratelimit Policy which mean authenticate the client and get know which plan is the application subscribed to take that plan limit.
------------------------------
Mohammad Al-Haddad
------------------------------