This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to perform throttling based on Access Key

Posted on 12-07-2016 09:06 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I'm very new to Apigee Platform. We want to use Apigee Edge for throttling and as a proxy. Apigee shouldn't be managing any kind of app/user registration and it should only throttle based on the access keys that we provide through our interface to the customers. Apigee should throttle based on the access key that we provide to our customers. Each customer gets a unique Access key/Secret Access key and our final goal is to limit the user/app to perform only certain number of request per day.

Could someone please guide me how to set this up?

0 2 332
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

Hi tech guy.

You would add a Quota policy, configured like this:

<Quota name='Quota-1'>
    <Identifier ref='request.header.accesskey' />
    <Allow count='1000'/>
    <TimeUnit>day</TimeUnit>
    <Distributed>true</Distributed>
    <Synchronous>false</Synchronous>
<!--
variables set by this policy include:

ratelimit.{policy_name}.allowed.count
ratelimit.{policy_name}.used.count
ratelimit.{policy_name}.available.count
ratelimit.{policy_name}.exceed.count
ratelimit.{policy_name}.total.exceed.count
ratelimit.{policy_name}.expiry.time
ratelimit.{policy_name}.identifier
ratelimit.{policy_name}.class
ratelimit.{policy_name}.class.allowed.count
ratelimit.{policy_name}.class.used.count
ratelimit.{policy_name}.class.available.count
ratelimit.{policy_name}.class.exceed.count
ratelimit.{policy_name}.class.total.exceed.count
-->
</Quota>

You can see a full tutorial on the Quota policy, here on community.

0 Likes

Posted on --/--/---- --:-- AM
hanselm
Staff
Reply posted on --/--/---- --:-- AM

Hi tech guy,

Using the SpikeArrest or Quota policies within the request flow (usually the pre-flow) of your proxy, you can configure those to throttle based on an identifier element specified within the policy. The <Identifier> element takes a "ref" attribute which you need to specify that must resolve to the value of a variable at runtime. Edge will use that value to maintain the quota counters and ratelimits for enforcement.

Typically , the client_id (apikey) is used to throttle requests for a given app, but any variable could be used.

More details on these policies are here:

http://docs.apigee.com/api-services/reference/quota-policy

http://docs.apigee.com/api-services/reference/spike-arrest-policy

<SpikeArrest async="false" continueOnError="false" enabled="true" name="Spike-Arrest-1">
    <DisplayName>Throttler</DisplayName>
    <Rate>30ps</Rate>
    <Identifier ref="client_id"/>
</SpikeArrest>
0 Likes