Solved: Configuring the Quota policy to check all products...

Report Inappropriate Content · 02-23-2017 06:56 AM

We offer a bunch of API proxies through a single public API product, with a global quota product quota for all APIs. We check this product quota through the Quota policy, like so

    <Allow countRef="verifyapikey.verify-api-key.apiproduct.developer.quota.limit"/>
    <Interval ref="verifyapikey.verify-api-key.apiproduct.developer.quota.interval"/>
    <TimeUnit ref="verifyapikey.verify-api-key.apiproduct.developer.quota.timeunit"/>
    <Identifier ref="developer.email"/>

For privileged internal users, we would like to offer a larger quota for some proxies... so we create a second XL Product with a larger quota, add those proxies to it, and associate these users with this new XL product, as well as the regular one.

However, this doesn't fix the issue because, if the regular product is over quota, the quota policy fails immediately without considering the XL Product quota.

How can I configure the Product Quota policy of my proxies to consider all the products that apply this proxy, and fail only if none of them has quota, instead of failing on the first one?

DChiesa

I think I understand the problem.

The credentials (apikey) are associated to more than one API product, and you're getting the quota data from the "Not XL" product , and you'd like the proxy to take the quota data from the XL product.

Unfortunately if the credentials are good for more than one product, there is no way (AFAIK) to tell the VerifyApiKey policy: This is the PRIMARY product, I Want you to use the quota data from THIS ONE.

The solution is to associate a credential with a single API product. In that way you will know that the produce quota data is the data you want.

I don't understand why you would include the "regular product" in the credential that grants access to the XL product. You shouldn't need to do this. If your regular product has access to (proxy1,proxy2,proxy3), then just do the same for the XL product, but set the quota higher.

Any reason why you can't do that ?

View solution in original post

DChiesa

I think I understand the problem.

The credentials (apikey) are associated to more than one API product, and you're getting the quota data from the "Not XL" product , and you'd like the proxy to take the quota data from the XL product.

Unfortunately if the credentials are good for more than one product, there is no way (AFAIK) to tell the VerifyApiKey policy: This is the PRIMARY product, I Want you to use the quota data from THIS ONE.

The solution is to associate a credential with a single API product. In that way you will know that the produce quota data is the data you want.

I don't understand why you would include the "regular product" in the credential that grants access to the XL product. You shouldn't need to do this. If your regular product has access to (proxy1,proxy2,proxy3), then just do the same for the XL product, but set the quota higher.

Any reason why you can't do that ?

Report Inappropriate Content

Sure - this is what we do today, it's just a pain in the ass to maintain multiple identical products with different quotas

DChiesa

oh, I see what you mean.

Do you not just provision those products with calls to the admin API ?

I would think it would be six of one, half-dozen of the other, whether you have 2 products or 1. With a script it should be pretty simple to do. I can create for you a bash script or a powershell script or a nodejs script that would do it. Just give it the product name, the list of api proxies, the org, and the environment (if any) and it will create a product for you. You could augment the basic info and add in parameterization of the quota data. Then just run the script twice...

Report Inappropriate Content

No - we use the Edge UI to manage the products... maybe that's what makes it painful!

Thanks anyway, at least we now know we're not missing out on a feature that would help us.

Configuring the Quota policy to check all products applying to this API proxy