Quota based on Developer Id

@Anil Sagar

We have a proxy that has a quota based on developer.id. We have two products one that sets a 3k Quota limit per month and one that sets a 60k quota per 12 months. We created 2 apps with the same developer, one subscribed to the 3k product and one subscribed to the 60k product.

When we hit the endpoint with the two apps both apps got a quota limit hit rejection once we hit the endpoint 3001 times. Is this expected because the developer.id has exceeded the quota for one product? We thought that it would give us a quota limit error for the 3k product but not the 60k product.

Thanks,

Dan

0 4 539
4 REPLIES 4

Can you show the Quota policy configuration, please?

Normally the Quota applies per APIKey. In other words, the Identifier for the Quota is the API Key. This means that if you use multiple apps, they each have different API keys, and so the quota buckets are distinct. If you have key AAA1 which is authorized for Product1, and key BBB2 which is authorized for Product2, then requests made on behalf of these keys get counted in separate quotas.

If you have set the Identifier to be developer.id, then the bucket is not specific to the API key. If you make requests with multiple distinct API keys which are assigned to the same developer, then they accrue counts to the same quota.

Now, as to what the limit is, that depends on how you've configured the Quota policy.

Maybe you could explain what it is you would like to accomplish. I don't understand why you'd use separate apps (= separate keys) but a a quota identifier of developer.id. What's the point of that?

I'm not actually sure there is a valid use case for this. If so its very fringe, it just came up when we were testing the quota.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Quota async="false" continueOnError="false" enabled="true" name="impose-quota">
    <DisplayName>Impose Quota</DisplayName>
    <Identifier ref="verifyapikey.verify-api-key.developer.id"/>
    <Allow countRef="verifyapikey.verify-api-key.apiproduct.developer.quota.limit" count="3000"/>
    <Interval ref="verifyapikey.verify-api-key.apiproduct.developer.quota.interval">1</Interval>
    <Distributed>true</Distributed>
    <Synchronous>true</Synchronous>
    <TimeUnit ref="verifyapikey.verify-api-key.apiproduct.developer.quota.timeunit">month</TimeUnit>
</Quota>

I would just like to understand a little better about how the quota limit is hit.

I assume if I hit the 60k product 5k times it would work but then as soon as I hit the 3k product, would both of them stop working until the end of the month because it sets the developer.id to "exceeded quota"?

ok.

Then use APIkey = client_id as the Identifier in order to accomplish what you want.

If you want apps to be limited to 3k and 60k, and also want a separate limit for the developer, then you can use 2 Quota policies in sequence. The second one would use developer.id and would use a separate (product independent) limit. Say, 61k. In your case, using 3k and 60k, setting the developer-centric quota to 63k or above would be ineffectual, and setting it to below 60k would make the 60k product ineffectual.

Thank you, I actually am not looking for a solution, just an understanding of why I'm seeing the result I am seeing.