Configure Multiple Quota for an API Proxy in Apigee Edge

Requirement How do I configure multiple Quotas (by minute, hour, day, week, month) for my APIs in Apigee Edge?

Rate Limiting Policies in Edge

To maintain performance and availability across a diverse base of client apps, it's critical to maintain app traffic within the limits of the capacity of your APIs and backend services. It's also important to ensure that apps don't consume more resources than permitted. Apigee Edge provides three mechanisms (Quota, Spike Arrest and Concurrent Rate limiting policies) that enable you to optimize traffic management to minimize latency for apps while maintaining the health of backend services. Each policy type addresses a distinct aspect of traffic management. In some cases, you might use all three-policy types in a single API proxy. The comparison on this page is a great resource - http://docs.apigee.com/api-services/content/comparing-quota-spike-arrest-and-concurrent-rate-limit-p... in deciding which policy to use.

Quota Policy

A Quota is an allotment of request messages that an API proxy can handle over a time period, such as minute, hour, day, week, or month. The Quota policy maintains counters that tally the number of requests received by the API proxy. This capability enables API providers to enforce limits on the number of API calls made by apps over an interval of time.

You can set quota limits in API Product configurations. There are advantages of setting a quota on the product for quota policies to reference :

- Quota policies can use a uniform setting across all API proxies in the API product.

- You can make runtime changes to the quota setting on an API product, and quota policies that reference the value automatically have updated quota values.

Those limits don't automatically enforce quota. You enforce them using a Quota policy in your API Proxy and reference product quota settings. Here is an example :

<Quota name="CheckQuota">
 <Interval ref="verifyapikey.verify-api-key.apiproduct.developer.quota.interval”/>
 <TimeUnit ref="verifyapikey.verify-api-key.apiproduct.developer.quota.timeunit”/>
 <Allow countRef="verifyapikey.verify-api-key.apiproduct.developer.quota.limit"/>
</Quota>

In the example above, the API proxy containing the Quota policy uses a VerifyAPIKey policy, named verify-api-key, to validate the API key passed in a request. The Quota policy then accesses the flow variables from the VerifyAPIKey policy to read the quota values set on the API product. You can see more examples here - http://docs.apigee.com/api-services/reference/quota-policy

Each Quota policy can enforce one quota limit for a given time-unit and interval. To enforce multiple quota limits for different intervals (minute, hour, day etc.) we need to place multiple quota policies sequentially on the API Proxy request flow.

Set-up

  • Create an API Product with following configuration.

2070-product-definition.jpg

The custom attributes quotaperminute, quotaperhour and quotaperday indicate value of quota limits per minute, hour and day respectively. We will reference these variables in our Quota policy. With this configuration, an app associated to this product can make 10 calls per minute, 100 calls per hour, 1000 calls per day and 10000 calls per day.

  • Add a verify API policy, followed by multiple quota policies on the Proxy Endpoint, Request path of your API Proxy (api1) as shown below - 2072-api-definition.jpg

    We will add one Quota policy per time-unit and interval we need to support. In the example above we have four Quota policies with names - Quota-Minute, Quota-Hour, Quota-Day and Quota-Month. Quota-minute enforces a minute level quota referencing the variable 'quotaperminute' configured on the Product. Similarly Quota-Hour, Quota-Day and Quota-Month polices refer respective values and enforce hourly, daily and monthly quotas. (NOTE : API Proxy bundle is attached for your reference).

    Your proxy end point configuration should look like this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <FaultRules/>
    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>Verify-API-Key-1</Name>
            </Step>
            <Step>
                <Name>Quota-Minute</Name>
            </Step>
            <Step>
                <Name>Quota-Hour</Name>
            </Step>
            <Step>
                <Name>Quota-Day</Name>
            </Step>
            <Step>
                <Name>Quota-Month</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <Flows/>
    <HTTPProxyConnection>
        <BasePath>/api1</BasePath>
        <Properties/>
        <VirtualHost>default</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
</ProxyEndpoint>

Your Quota-Minute should like this :

2073-minute-quota.jpg

With this configuration Apigee Edge maintains a central quota counter for the across all Message Processors and synchronises continuously. Also enforces the Quota based on the value configured for "quotaperminute". The counter is reset every minute. Your hourly and daily quota will have similar configuration, except that Interval and TimeUnit fields vary.

NOTE - This policy is computationally expensive so, for high-traffic APIs, it should configured for longer time intervals, such as a day or month. This policy should be used to enforce business contracts or SLAs with developers and partners, rather than for operational traffic management.

Your Quota-Month should like this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Quota name="Quota-Month">
    <Interval ref="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.interval"/>
    <TimeUnit ref="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.timeunit"/>
    <Allow countRef="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.limit"/>
</Quota>

This policy accesses the flow variables from the VerifyAPIKey policy to read the quota values set on the API product.

When a call is made on this API, all these policies are executed sequentially on the request flow. The quota policies are enforced based on the configured values for different time intervals.

You can add custom variables while creating Developer Apps with different quota limits and enforce them in a Quota policy by referencing those custom attributes.

Hope this article helps!

api1-rev5-2016-02-28.zip

Version history
Last update:
‎02-28-2016 02:22 PM
Updated by: