Rate limit based on API Key and Query Param

Question

Hi,

I was going through the documentation on rate limiting policy based on client apps, and found it a bit confusing.

Is there a way that I can specify a rate limit based on API key? For example, for API Key = 1, set a limit of 100 requests, for API key = 2, set a limit of 200, and so on?

Another question is, is it possible to control rate limits based on a query param? ie, we add a query param named "client". If client = A, set the rate limit as 100, if client = B, set the rate limit as 200 and so on.

Again, the current documentation did not really help.

Can anybody please help?

Answer 1

Best Answer

Answer by Dino · Mar 02, 2017 at 11:55 PM

You will use API Products to set the different quota limits.

Configure Product1 with quota limit 100

Configure Product2 with quota limit 200

Provision app1 onto Product1

Provision app2 onto Product2

Then use two policies, in this order:

a VerifyApiKey policy
a Quota policy that references the API-product specific quota limit. This limit is implicitly retrieved into the MessageContext by the VerifyApiKey.

The Quota uses an Identifier element. If you want, you can refer to a queryparam in that identifier. Usually the ID is the developer app id, or the client id. You can pass it in a header, or query param, or where-ever you like.

<Quota name="CheckQuota">
  <Identifier ref="request.queryparam.vinodh"/> 
  <Interval>1</Interval>
  <TimeUnit>hour</TimeUnit>
  <Allow count="200" countRef="verifyapikey.verify-api-key.apiproduct.developer.quota.limit"/>
</Quota>

See the documentation on the Quota policy for more information. There are screencasts explaining this.

Add comment · Link

10 |5000 characters needed characters left characters exceeded

Answer 2

Answer by gbhandari · Dec 17, 2016 at 09:10 AM

Hi @Vinodh

Please go through the below link, I guess it might be helpful;,

https://community.apigee.com/questions/35553/is-it-possible-to-have-two-quota-policies-attached.html

Add comment · Link

10 |5000 characters needed characters left characters exceeded

Answer 3

Answer by vbalan · Feb 06 at 06:21 PM

Hi,

In order to make the quota policy work,

I had to add the proxy to the product,

also added a few additional fields to the Quota policy -

<Quota name="Quota-operation">
   <Identifier ref="request.queryparam.apikey" />
   <Interval ref="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.interval">1</Interval>
   <TimeUnit ref="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.timeunit">minute</TimeUnit>
   <Allow count="5" countRef="verifyapikey.Verify-API-Key-1.apiproduct.developer.quota.limit" />
   <Synchronous>true</Synchronous>
   <Distributed>true</Distributed>
</Quota>

Add comment Show 1 · Link

10 |5000 characters needed characters left characters exceeded

vbalan · Feb 06 at 06:22 PM 1

Link

Thank you @Sai Saran Vaidyanathan, @Dino

Get answers, ideas, and support from the Apigee Community

Rate limit based on API Key and Query Param

3 Answers

Follow this Question

Related Questions