API throttling based on individual request


Hi Experts,

I am facing a challenge in throttling the requests being sent towards our backend system. Below is the use case:

We have a Single Page Application sending requests towards our backend system through APIGEE with a unique userID in the header. We want to throttle these requests in APIGEE in such a way that every minute all requests with a unique userID are allowed towards our backend and all the rest should be discarded.

For better understanding, I have described the request flow below; all requests are from the same SPA.

First minute 4 requests:

Request 1 : user1 -> APIGEE -> Backend system [Allowed]

Request 2 : user2 -> APIGEE -> Backend system [Allowed]

Request 3 : user1 -> APIGEE -> Backend system [Restrict]

Request 4 : user3 -> APIGEE -> Backend system [Allowed]

When user1 tries to send a request again, APIGEE should restrict it, as the same user has already sent a request; user1 will be allowed again only when the one-minute duration has passed, as shown below:

Second minute 4 requests:

Request 1 : user1 -> APIGEE -> Backend system [Allowed]

Request 2 : user2 -> APIGEE -> Backend system [Allowed]

..........

Please let me know how this scenario can be accomplished.

PS: We are validating the calls from the SPA through JWT.

Thanks in advance

ACCEPTED SOLUTION

Hi @Ajitesh Srivastava, I think we can use the Quota policy; it has an Identifier element, which will differentiate between different users' calls based on a user-name request header, as in the policy below.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Quota async="false" continueOnError="false" enabled="true" name="Quota-1">
    <DisplayName>Quota-1</DisplayName>
    <Properties/>
    <!-- A separate counter is kept for each distinct value of the user-name request header -->
    <Identifier ref="request.header.user-name"/>
    <!-- Each identifier gets one request ... -->
    <Allow count="1"/>
    <!-- ... per interval of 1 minute (Interval + TimeUnit) -->
    <Interval>1</Interval>
    <!-- Share the counter across message processors and update it synchronously on each request -->
    <Distributed>true</Distributed>
    <Synchronous>true</Synchronous>
    <TimeUnit>minute</TimeUnit>
</Quota>

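To make the window semantics of the accepted policy concrete, here is an added example (my own code, not part of the thread and not Apigee's implementation) that models a per-identifier quota with Allow count=1, Interval=1 and TimeUnit=minute and replays the request flow from the question. It assumes the counter for an identifier starts at that identifier's first request and resets once the interval has elapsed; the timestamps and user names are constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

# Seconds per Apigee TimeUnit value used by the Quota policy
TIME_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


class FixedWindowQuota:
    """Simplified model of a per-identifier quota (assumption: window opens at the
    identifier's first request and resets after interval * time_unit seconds).

    Requests inside an open window are allowed until allow_count is reached,
    then rejected until the window expires.
    """

    def __init__(self, allow_count: int = 1, interval: int = 1, time_unit: str = "minute"):
        self.allow_count = allow_count
        self.window_seconds = interval * TIME_UNIT_SECONDS[time_unit]
        # identifier -> (window start timestamp in seconds, requests used in that window)
        self._windows: Dict[str, Tuple[Optional[int], int]] = {}

    def check(self, identifier: str, now: int) -> bool:
        """Return True if the request is allowed, False if the quota restricts it."""
        start, used = self._windows.get(identifier, (None, 0))
        if start is None or now - start >= self.window_seconds:
            # No window yet, or the previous one has expired: open a fresh window
            start, used = now, 0
        if used >= self.allow_count:
            # Quota exhausted for this identifier in the current window
            self._windows[identifier] = (start, used)
            return False
        self._windows[identifier] = (start, used + 1)
        return True


def replay(requests: List[Tuple[int, str]], quota: Optional[FixedWindowQuota] = None) -> List[str]:
    """Run (timestamp_seconds, identifier) pairs through the quota, in order,
    and return "Allowed" or "Restrict" for each one."""
    quota = quota or FixedWindowQuota(allow_count=1, interval=1, time_unit="minute")
    return ["Allowed" if quota.check(ident, ts) else "Restrict" for ts, ident in requests]


# Constructed sample mirroring the question: four requests in the first minute,
# then the same users again in the second minute.
SAMPLE_REQUESTS = [
    (0, "user1"), (5, "user2"), (10, "user1"), (15, "user3"),
    (60, "user1"), (65, "user2"),
]

if __name__ == "__main__":
    for (ts, ident), decision in zip(SAMPLE_REQUESTS, replay(SAMPLE_REQUESTS)):
        print(f"t={ts:3d}s {ident}: {decision}")
```

One point worth checking when deploying the policy itself: with `Identifier ref="request.header.user-name"` the counter is keyed on a header the SPA sets, so a client that changes the header value gets a fresh counter. Since the thread says the calls are already validated with a JWT, keying the Identifier on the verified subject claim that the JWT policy exposes (rather than on a client-chosen header) ties the quota to the authenticated user.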

REPLIES


Thanks @Siddharth Barahalikar

It worked perfectly fine for the use case.