Hi ,
We came across a scenario where we need to restrict Api calls based on Access Token.
example: if 100 API calls is allowed on Unique Access Token , 101th API call to same Access token should terminate.
Can we Achieve this using Spike Arrest Policy , if Yes, can you help us how we can achieve .
Regards,
Ramakrishna
@siva @Dino @Dino-at-Google @Anil Sagar @ Google @Anil Sagar Could you please suggest
you can use the Quota policy to restrict the number of request to an proxy by using "identifier" tag in Quota Policy, identifier being accessToken.
<Identifier ref="identifierKey"/>
You must use these policies, in this order:
The Quota will look like this:
<Quota name="Quota-1" type='flexi'> <Identifier ref='access_token' /> <Distributed>true</Distributed> <Synchronous>false</Synchronous> <Interval>1</Interval> <TimeUnit>hour</TimeUnit> <Allow count='100' countRef='variable_containing_count'/> </Quota>
Some comments:
The config shown here specifies a hard limit of 100 requests per 1 hour. There is a way to specify the limit, interval, and timeunit in configuration. Do this in the API Product screen. If you choose to use this, you must modify the configuration to reference the configured limits, like this:
<Quota name='Quota-1'> <Identifier ref='access_token' /> <Allow countRef='apiproduct.developer.quota.limit' count='100'/> <Interval ref='apiproduct.developer.quota.interval'>1</Interval> <TimeUnit ref='apiproduct.developer.quota.timeunit'>hour</TimeUnit> <Distributed>true</Distributed> <Synchronous>false</Synchronous> </Quota>