Get answers, ideas, and support from the Apigee Community

Question by tpearson · Apr 13, 2015 at 06:02 PM · 4k Views · Tags: edge, quota, apikey

How does the Edge quota policy work when no identifier is specified?

In the Quota Policy documentation, I can see an identifier element which is optional.

http://apigee.com/docs/api-services/reference/quota-policy

If I leave out this optional identifier element, how does the policy behave?

The reason I'm asking is because we had one user send a lot of requests over the weekend. One of the APIs was missing this identifier element, and as a result, all users got an over quota error.

I would like to apply the quota per-developer. Right now, for other APIs, we have an apikey query parameter that is sent with every request, and I use this to manage the quota using the identifier element:

<Identifier ref="request.queryparam.apikey"/>

This has the obvious loophole that you can bypass the quota simply by issuing a new API key on your account. We'd like to have the quota per account rather than per-key.

Is that how the default works?

Would I have to extract the developer profile and use the email address to enable this functionality?


4 Answers

Best Answer

Answer by ozanseymen   · Apr 13, 2015 at 06:10 PM

Hello,

If you leave the identifier element empty, one rate limit is enforced for all requests into that API Proxy, i.e. every request from all applications, all developers, all IP addresses, etc. will use the same quota counter. If the quota calls for 100 requests per minute, and one instance of an app uses 90 requests in the first 10 seconds, then all other instances of all other apps will be allowed only 10 requests for the balance of that minute.

If you would like your quota to work per developer, you can use the context variables 'developer.id' or 'developer.email' instead:

<Identifier ref="developer.id" />

Or

<Identifier ref="developer.email" />

These variables are available to policies that execute in the flow after the "Verify API Key" policy.

tpearson · Apr 13, 2015 at 07:10 PM

Thanks Ozan, that's very helpful. Presumably the same applies for Spike Arrest, right? No identifier makes it a global spike arrest for all API users, but an identifier will make it a specific spike arrest for whatever you identify?

ozanseymen ♦♦ (replying to tpearson) · Apr 13, 2015 at 08:13 PM

That's exactly spot on - the same applies to spike arrest.

Sujith Mathew · Oct 17, 2015 at 06:50 AM

Hi,

Is it documented anywhere which values can be passed to "Identifier" for quota?

Thanks in advance.

Regards

Sujith Jacob Mathew

Anil Sagar @ Google ♦♦ (replying to Sujith Mathew) · Oct 19, 2015 at 02:09 AM

@Sujith Mathew, any Apigee flow variable can be used as "identifier". For more details on flow variables refer here. You can also set custom variables using a JavaScript policy or an Assign Message policy.
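Added example (not part of the original thread, and not Apigee code): a small Python model of the three identifier scopes discussed above, run against constructed traffic at 100 requests per minute. The fixed-window counter, the class and function names, and the sample keys and e-mail addresses are assumptions made for illustration; only the identifier names come from the thread.

```python
from collections import defaultdict

class FixedWindowQuota:
    """Toy fixed-window quota counter; NOT Apigee's implementation.

    identifier_of maps a request to the counter key, playing the role of
    <Identifier ref="...">. None models a policy with no Identifier.
    """
    def __init__(self, limit, interval_s, identifier_of=None):
        self.limit, self.interval_s = limit, interval_s
        self.identifier_of = identifier_of
        self.counts = defaultdict(int)  # (identifier, window) -> requests seen

    def allow(self, request, now_s):
        ident = self.identifier_of(request) if self.identifier_of else "_default"
        bucket = (ident, int(now_s // self.interval_s))
        self.counts[bucket] += 1
        return self.counts[bucket] <= self.limit

# Constructed sample: API key -> developer e-mail, standing in for the lookup
# that the Verify API Key policy performs.
KEY_OWNER = {"k-noisy-1": "noisy@example.com", "k-noisy-2": "noisy@example.com",
             "k-quiet": "quiet@example.com"}

def traffic():
    """One minute of constructed traffic: 'noisy' sends 90 calls on each of
    two keys within the first 10 s, then 'quiet' sends 20 calls."""
    reqs = [(i * 0.05, {"apikey": "k-noisy-1"}) for i in range(90)]
    reqs += [(5 + i * 0.05, {"apikey": "k-noisy-2"}) for i in range(90)]
    reqs += [(30 + i, {"apikey": "k-quiet"}) for i in range(20)]
    return sorted(reqs, key=lambda r: r[0])

def allowed_per_developer(identifier_of, limit=100, interval_s=60):
    """Return {developer e-mail: requests served} for the sample traffic."""
    quota = FixedWindowQuota(limit, interval_s, identifier_of)
    served = defaultdict(int)
    for now_s, req in traffic():
        if quota.allow(req, now_s):
            served[KEY_OWNER[req["apikey"]]] += 1
    return dict(served)

SCOPES = {
    "no identifier": None,                                 # one shared counter
    "request.queryparam.apikey": lambda r: r["apikey"],    # counter per key
    "developer.email": lambda r: KEY_OWNER[r["apikey"]],   # counter per account
}

if __name__ == "__main__":
    for name, fn in SCOPES.items():
        print(f"{name:28} {allowed_per_developer(fn)}")
```

With no identifier the quiet developer is served nothing, with a per-key identifier the noisy developer gets 180 requests through a limit of 100, and only the per-account identifier holds both to the intended limit.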


Answer by pparekh · Apr 14, 2015 at 04:03 PM

Hi @tpearson,

To add to what @Ozan Seymen mentioned in his response, here are all the variables that are available to you after the API Key is validated by the 'validate API key' policy.

You can use not only developer.id, developer.email, and many other out-of-the-box variables, but also custom attributes that you may have assigned to the App, Developer (or Company).

For example, you may want to associate different weights to requests coming from different Apps, Developers (or Companies) to affect the behavior of the Quota and Spike Arrest policies. These different weights can be configured as custom attributes and used as the value for the Message Weight at runtime. Here are links to learn more about Message Weight configuration for Quota and Message Weight configuration for Spike Arrest policies.

Answer by Will Witman · Mar 26, 2018 at 05:43 PM

Please note that we've recently updated the Quota documentation to advise against using any of the following values for the Quota Identifier:

  • developer.id
  • developer.app.id
  • company.id

The reason is that the two developer.* IDs and company.id are generated internally by Apigee and cannot be guaranteed to remain constant over time. For example, Apigee could change the format or length of these IDs.

Please keep this advice in mind when using the Quota policy.

Answer by phanim1 · Apr 08, 2019 at 10:33 AM

If there is no Identifier in the quota policy, the default bucket will be used. With the default bucket used, if the following count is used

<Allow count="270000" countRef="apiproduct.developer.quota.limit"/>

and some products have not defined apiproduct.developer.quota.limit then the actual quota allowed becomes undefined. That is, we expect that 270000 is used for the products which have not defined the apiproduct.developer.quota.limit but it may not be the case.

Setting the identifier would be the right solution.
