How do the quota settings on an API product interact with quota policies in an API proxy?

I can add quota settings to an API product, and I can also add quota policies to an API proxy. How do those settings interact? Also, how do I reference quota settings on the product in a quota policy?

Solved Solved
6 6 9,970
1 ACCEPTED SOLUTION

Good question, this brings up a common misconception about quota settings on an API product.

API products have a set of fields called "Quota" that allow you to configure how many requests per number of time periods (like 10 requests per 1 second) you want to allow. Just configuring this does NOT enforce quotas though!

Quotas are only enforced by adding a quota policy into your proxies. The configuration of the API Product Quota fields will populate variables that are accessible in your proxy, and these variables can be fed into a quota policy.

For example, if I have a VerifyAPIKey policy named VerifyKey, I'll have the following variables populated upon verification of a key with the Quota fields set as 10 requests per 1 second:

verifyapikey.VerifyKey.apiproduct.developer.quota.limit = 10

verifyapikey.VerifyKey.apiproduct.developer.quota.interval = 1

verifyapikey.VerifyKey.apiproduct.developer.quota.timeunit = second

I can then set the Quota policy like this (if the field is not set, I'm allowing a default of 2 calls per minute):

<Quota async="false" continueOnError="false" enabled="true" name="MyQuota" type="calendar">
    <Allow count="2" countRef="verifyapikey.VerifyKey.apiproduct.developer.quota.limit"/>
    <Interval ref="verifyapikey.VerifyKey.apiproduct.developer.quota.interval">1</Interval>
    <TimeUnit ref="verifyapikey.VerifyKey.apiproduct.developer.quota.timeunit">minute</TimeUnit>
    <Identifier ref='verifyapikey.VerifyKey.client_id'/>
    <Distributed>true</Distributed>
    <Synchronous>false</Synchronous>
    <StartTime>2015-02-13 12:00:00</StartTime>
</Quota>

View solution in original post

6 REPLIES 6

Good question, this brings up a common misconception about quota settings on an API product.

API products have a set of fields called "Quota" that allow you to configure how many requests per number of time periods (like 10 requests per 1 second) you want to allow. Just configuring this does NOT enforce quotas though!

Quotas are only enforced by adding a quota policy into your proxies. The configuration of the API Product Quota fields will populate variables that are accessible in your proxy, and these variables can be fed into a quota policy.

For example, if I have a VerifyAPIKey policy named VerifyKey, I'll have the following variables populated upon verification of a key with the Quota fields set as 10 requests per 1 second:

verifyapikey.VerifyKey.apiproduct.developer.quota.limit = 10

verifyapikey.VerifyKey.apiproduct.developer.quota.interval = 1

verifyapikey.VerifyKey.apiproduct.developer.quota.timeunit = second

I can then set the Quota policy like this (if the field is not set, I'm allowing a default of 2 calls per minute):

<Quota async="false" continueOnError="false" enabled="true" name="MyQuota" type="calendar">
    <Allow count="2" countRef="verifyapikey.VerifyKey.apiproduct.developer.quota.limit"/>
    <Interval ref="verifyapikey.VerifyKey.apiproduct.developer.quota.interval">1</Interval>
    <TimeUnit ref="verifyapikey.VerifyKey.apiproduct.developer.quota.timeunit">minute</TimeUnit>
    <Identifier ref='verifyapikey.VerifyKey.client_id'/>
    <Distributed>true</Distributed>
    <Synchronous>false</Synchronous>
    <StartTime>2015-02-13 12:00:00</StartTime>
</Quota>

That's very helpful, thanks! But what does the verifyapikey.VerifyKey.client_id variable refer to?

verifyapikey.VerifyKey.client_id this variable is populated after the execution of apikey validation policy. This contains the current apikey with which the call came in. This configuration ensures the quota is applied at each unique apikey level.

Hi,

I have used the same way to apply quota policy to the proxy for various products accessing it via developer apps with different quota intervals for monthly usage. Is there any management api call available to get the current monthly usage of each product/developer app on that proxy?

@Mike Dunker

Hi,

If I have more than one API proxy in a product, Is counter distributed to both APIs (or) each API proxy will have it's own counter to determine quota voilation error?

for ex: quota limit defined on API product is 10 requests every 1 minute. API product has two API proxies ( API1, API2).

If API1 got 3 requests and API2 got 7 requests in one minute duration.

then 4th call to API1 will fail with rate limit error? (or) would API1 accept 10 requests & API2 accepts 10 requests?

@soujanyaedunuri

Answer for your question is you should have different quota settings for each API.Quota is not distributed among the API's which are under one product.

Please find the more information in this link.
https://docs.apigee.com/api-services/reference/quota-policy