SOAP API - Limit Access and Rate Limit per operation

Hi All,

We have 1 SOAP based API with 50+ SOAP operations as part of it.

There are 3 products having access to it and corresponding 3 apps too.

We need to limit access as -

  • product 1/app1 = 5 operations
  • product 2/app2 = 1 operation
  • product 3/app3 = all operations

We use OAuth 2.0 client credentials to protect the API.

The approach followed to limit the access is Option 2 presented in https://www.googlecloudcommunity.com/gc/Apigee/limit-access-for-SOAP-web-methods-in-apigee-api/m-p/3...

In addition to the above, we also need to rate limit the access to each of the operations within the product as follows -

  • product 1/app1 = operation1 = 5 transactions per second
  • product 1/app1 = operation2 = 2 transactions per second
  • product 1/app1 = operation3 = 10 transactions per second
  • product 1/app1 = operation4 = 5 transactions per second
  • product 1/app1 = operation5 = 10 transactions per second
  • product 2/app2 = operation15 = 25 transactions per second
  • product 3/app3 = operation1 = 2 transactions per second
  • ....
  • product 3/app3 = operation50 = 15 transactions per second

Any solution to achieve this will be appreciated.

Regards,

Ian

1 REPLY

You can do what you describe with the Apigee Quota policy. 

But you cannot rely on the built-in configuration options for rate limiting. Those options assume that there is a single rate limit that applies to all requests. It is possible to apply a "greater weight" to a particular request, but still, there is a single overall limit, a single counter per ... user or app.

What you want is a variety of different rate limits: 25 of this type of transaction, AS WELL AS 5 of this other type, AS WELL AS 15 of this other type. Those are all distinct rate limits. You can do that, but to make it happen you need 2 things:

  • a way to codify those rules in a machine-readable format.  Like a JSON payload for example. Then, attach that JSON file as a resource into your API Proxy. 
  • a way to map from the current inbound request to one of the rate limits described in the JSON payload. This might involve an inspection of the SOAP-Action header, or an inspection of the first child of SOAP:Body. You then use that value to look up the rate limit in the JSON.

Once you have those things, you just call the Quota policy, referring to the dynamic values you looked up.
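
One way to implement the lookup described in the reply above, as an added example (not code from the thread or from Apigee). The rule layout, the `soapquota.*` variable names and the `example.test` URI used in testing are assumptions; the rules are embedded inline here rather than loaded from a proxy resource.

```javascript
// Constructed rule set mirroring the question: app -> SOAP operation -> allowed count.
// In a proxy this would be the JSON resource; the layout is an assumption.
var RULES = {
  app1: { operation1: 5, operation2: 2, operation3: 10, operation4: 5, operation5: 10 },
  app2: { operation15: 25 },
  app3: { operation1: 2, operation50: 15 }
};

function has(obj, key) { return Object.prototype.hasOwnProperty.call(obj, key); }

// SOAPAction is usually a quoted URI; take the last segment as the operation name.
function opFromAction(soapAction) {
  var uri = String(soapAction || "").trim().replace(/^"|"$/g, "");
  return uri.split(/[\/#:]/).pop() || null;
}

// Local name of the first child element of the SOAP Body (regex sketch, not a full XML parse).
function opFromBody(xml) {
  var m = /<(?:[\w.-]+:)?Body\b[^>]*>\s*<(?:[\w.-]+:)?([\w.-]+)/.exec(String(xml || ""));
  return m ? m[1] : null;
}

// Returns { identifier, limit } or null. Null means "no rule": the caller should reject.
function resolveQuota(rules, app, soapAction, xml) {
  var fromHeader = opFromAction(soapAction);
  var fromBody = opFromBody(xml);
  // The header is client-supplied; if it names a different operation than the body, fail closed.
  if (fromHeader && fromBody && fromHeader !== fromBody) return null;
  var op = fromBody || fromHeader;
  // Own-property checks keep names like "constructor" from matching inherited members.
  if (!op || !has(rules, app) || !has(rules[app], op)) return null;
  return { identifier: app + ":" + op, limit: rules[app][op] };
}

// Apigee JavaScript-policy glue; skipped when run outside a proxy.
if (typeof context !== "undefined") {
  var q = resolveQuota(RULES, context.getVariable("developer.app.name"),
    context.getVariable("request.header.SOAPAction"), context.getVariable("request.content"));
  context.setVariable("soapquota.allowed", q !== null);
  if (q) {
    context.setVariable("soapquota.identifier", q.identifier);
    context.setVariable("soapquota.limit", String(q.limit));
  }
}
```

The Quota policy can then take its count and identifier from the two `soapquota.*` variables, and a condition on `soapquota.allowed` can reject requests for which no rule exists.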