Different quota limits for each proxy in a bundled API product

Are there valid use cases where we may need to apply different quota limits on proxies bundled in a single API product? Or is it recommended practice to create a product per proxy to achieve this?

We are also looking to apply quota policies at resource level and method level for each resource. What would be the best approach for this? Thank you.


Are there valid use cases where we may need to apply different quota limits on proxies bundled in a single API product?

Possibly there are valid use cases. I don't know what they might be though...

There are ways to achieve per-proxy quotas.

Today the quota limit defined on an API Product is a single quota number.

How it works at runtime:

  • a request arrives at the API Proxy
  • the proxy invokes either VerifyApiKey or OAuthV2/VerifyAccessToken;
    this verifies that the key or token provided is authorized for this proxy and resource path.
  • the proxy then invokes Quota policy. If the designer wants to enforce a quota based on the quota limit defined in the API Product, then the quota policy must reference context variables that have been implicitly set by the preceding VerifyApiKey or VerifyAccessToken.

If you want to apply a different limit for each proxy in a product, you can do that. The way to do it:

  • define custom attributes on the API product representing the quota limit for each proxy. For example

    custom attr name   value   meaning
    proxy1             100     quota limit for proxy1
    proxy2             1200    quota limit for proxy2
  • When VerifyApiKey or VerifyAccessToken is called, these custom attributes are loaded into context variables.
  • Within each API Proxy, insert a Quota policy that references THOSE variables, rather than the standard variables for an API product.

We are also looking to apply quota policies at resource level and method level for each resource.

If you want to do something more elaborate, then I'd suggest externalizing the quota limits on the per-resource or per-method basis into a JSON or other data format. You could attach that as a custom attribute to the API product too.

Then you would need to run a little JavaScript step that performs a JSON.parse() on that value, and then sets the appropriate context variables for the given resource path and verb (etc) by examining request.verb, proxy.pathsuffix, and comparing that against what is in the JSON blob.

Set variables like "quota_limit" and then invoke the Quota policy using that variable.
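A sketch of the JavaScript step described in the answer above, added here as an example and not code from the original post. The JSON layout, the custom attribute name `quota_rules`, the policy name `Verify-API-Key` and the fallback value are assumptions; malformed or missing configuration falls back to a conservative limit rather than leaving the request unthrottled.

```javascript
// Hypothetical JSON layout for the product custom attribute (constructed sample, not from the post).
var SAMPLE_RULES = JSON.stringify({
  default_limit: 100,
  rules: [
    { verb: "GET",  path: "/orders",    limit: 500 },
    { verb: "POST", path: "/orders",    limit: 50 },
    { verb: "*",    path: "/reports/*", limit: 10 }
  ]
});

var FALLBACK_LIMIT = 10; // assumed conservative limit when the attribute is missing or malformed

function isValidLimit(n) {
  return typeof n === "number" && isFinite(n) && n > 0 && Math.floor(n) === n;
}

// A trailing "/*" matches the base path and anything below it; otherwise the match is exact.
function pathMatches(pattern, path) {
  if (pattern.slice(-2) === "/*") {
    var base = pattern.slice(0, -2);
    return path === base || path.indexOf(base + "/") === 0;
  }
  return pattern === path;
}

// Returns the limit of the first valid rule matching verb + path suffix, else the default.
function resolveQuotaLimit(rulesJson, verb, pathSuffix) {
  var cfg;
  try { cfg = JSON.parse(rulesJson); } catch (e) { return FALLBACK_LIMIT; }
  if (!cfg || !Array.isArray(cfg.rules)) return FALLBACK_LIMIT;
  var method = String(verb).toUpperCase();
  for (var i = 0; i < cfg.rules.length; i++) {
    var r = cfg.rules[i];
    if (r && (r.verb === "*" || String(r.verb).toUpperCase() === method) &&
        pathMatches(String(r.path), String(pathSuffix)) && isValidLimit(r.limit)) {
      return r.limit;
    }
  }
  return isValidLimit(cfg.default_limit) ? cfg.default_limit : FALLBACK_LIMIT;
}

// Inside an Apigee JavaScript policy the `context` object exists; elsewhere this is skipped.
if (typeof context !== "undefined") {
  // Assumed variable name: policy "Verify-API-Key", custom attribute "quota_rules".
  var raw = context.getVariable("verifyapikey.Verify-API-Key.apiproduct.quota_rules");
  var limit = resolveQuotaLimit(raw, context.getVariable("request.verb"), context.getVariable("proxy.pathsuffix"));
  context.setVariable("quota_limit", String(limit)); // string avoids a "500.0"-style number
}
```

The Quota policy that follows would read `quota_limit` through the `countRef` attribute of its `Allow` element. When limits differ per resource, the policy's `Identifier` also needs to distinguish the resource, otherwise all resources share one counter.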

Thank you for the detailed answer!


@Sarah If you want to put different constant quota values for each proxy, then you can set your quota in each proxy as literals instead of reference values. If you want them by reference, then you can set custom attributes at the developer app, developer or product level for the different quotas; then, after API key verification, you can use those in the Quota policy of the different proxies as references.