Request Throttling Plug-in

The request throttling plug-in limits the number of times an API can be called within a specific time period. It supports parameter-based, basic, and excluded throttling.

Note

If your gateway does not support the request throttling plug-in, contact customer service to upgrade the gateway.

  • Basic throttling

    Throttle requests by API, user, app, or source IP address. This function is equivalent to a request throttling policy but is incompatible with it.

  • Parameter-based throttling

    Throttle requests based on headers, path parameters, methods, query strings, or system variables.

  • Excluded throttling

    Throttle requests based on specific apps or tenants.

Constraints

  • A request throttling policy becomes invalid if a request throttling plug-in is bound to the same API as the policy.

  • You can define a maximum of 100 parameter rules.

  • The plug-in content cannot exceed 65,535 characters.

Configuration Parameters

Table 1 Configuration parameters

Parameter

Description

Policy Type

  • API-specific

    Monitor and control the requests of a single API.

  • API-sharing

    Monitor and control the total requests of all APIs bound with the plug-in.

Period

The time period over which the number of API requests is limited. The period is applied to each of the following limits:

  • Max. API Requests: Limit the maximum number of times an API can be called within a specific time period.

  • Max. User Requests: Limit the maximum number of times an API can be called by a user within a specific time period.

  • Max. App Requests: Limit the maximum number of times an API can be called by an app within a specific time period.

  • Max. IP Address Requests: Limit the maximum number of times an API can be called by an IP address within a specific time period.

Max. API Requests

The maximum number of times each bound API can be called within the specified period.

This parameter must be used together with Period.

Max. User Requests

The maximum number of times each bound API can be called by a user within the specified period. For APIs with IAM authentication, the throttling is based on a project ID; for APIs with app authentication, the throttling is based on an account ID. For details about account IDs and project IDs, see the description about Excluded Tenants in this table.

  • The value of this parameter cannot exceed that of Max. API Requests.

  • This parameter must be used together with Period.

  • If there are many users under your account that access an API, the request throttling limits of the API will apply to all these users.

Max. App Requests

The maximum number of times each bound API can be called by an app within the specified period. This limit only applies to APIs that are accessed through app authentication.

  • The value of this parameter cannot exceed that of Max. User Requests.

  • This parameter must be used together with Period.

Max. IP Address Requests

The maximum number of times each bound API can be called by an IP address within the specified period.

  • The value of this parameter cannot exceed that of Max. API Requests.

  • This parameter must be used together with Period.

Parameter-based Throttling

Enable or disable parameter-based throttling. After this function is enabled, API requests are throttled based on specified parameters.

Parameters

Define parameters for throttling rules.

  • Parameter Location: the location of a parameter to be used in a rule.

    • path: API request URI. This parameter is configured by default.

    • method: API request method. This parameter is configured by default.

    • Header: the value of the first HTTP header with the parameter name you set.

    • Query: the value of the first query string with the parameter name you set.

    • System: a system parameter.

  • Parameter Name: the name of a parameter to match the specified value in a rule.

Rules

Define throttling rules. A rule consists of conditions, an API request throttling limit, and a period.

To add more rules, click Add Rule.

  • Conditions

    Click the icon to set condition expressions. To set an expression, select a parameter and operator, and enter a value.

    • =: equal to

    • !=: not equal to

    • pattern: regular expression

    • enum: enumerated values. Separate multiple values with commas (,).

  • Max. API Requests

    The maximum number of times that an API can be called within a specific time period.

  • Period

    The period of time to which the throttling limit you set applies. If not specified, the period set in the Policy Details area will be used.

For example, configure parameter-based throttling as follows: add the Host parameter and specify the location as Header; add the condition Host = www.abc.com, and set the throttling limit to 10 and the period to 60s. APIs then cannot be called again with a Host request header equal to www.abc.com once they have been called 10 times within 60s.

Excluded Throttling

Enable or disable excluded throttling. After this function is enabled, the throttling limits for excluded tenants and apps override the Max. User Requests and Max. App Requests in the Basic Throttling area.

Excluded Tenants

Tenant ID: an account ID or project ID.

  • Specify a project ID for an API with app authentication. For details, see "Obtaining a Project ID" in the API Gateway API Reference.

  • Specify an account ID (not IAM user ID) for an API with IAM authentication. For details, see "Obtaining an Account Name and Account ID" in the API Gateway API Reference.

Threshold: the maximum number of times that a specific tenant can access an API within the specified period. The threshold cannot exceed the value of Max. API Requests in the Basic Throttling area.

Excluded Apps

Select an app, and specify the maximum number of times that the app can access an API within the specified period. The threshold cannot exceed the value of Max. API Requests in the Basic Throttling area.

Example Script

{
  "scope": "basic",
  "default_interval": 60,
  "default_time_unit": "second",
  "api_limit": 100,
  "app_limit": 50,
  "user_limit": 50,
  "ip_limit": 20,
  "specials": [
    {
      "type": "app",
      "policies": [
        {
          "key": "2e421d76dc6c4c75941511ccf654e368",
          "limit": 10
        }
      ]
    },
    {
      "type": "user",
      "policies": [
        {
          "key": "878f1b87f71c40a7a15db0998f358bb9",
          "limit": 10
        }
      ]
    }
  ],
  "parameters": [
    {
      "type": "path",
      "name": "reqPath",
      "value": "reqPath"
    },
    {
      "type": "method",
      "name": "method",
      "value": "method"
    },
    {
      "type": "header",
      "name": "Host",
      "value": "Host"
    }
  ],
  "rules": [
    {
      "match_regex": "[\"Host\",\"==\",\"www.abc.com\"]",
      "rule_name": "rule-jlce",
      "time_unit": "second",
      "interval": 0,
      "limit": 5
    }
  ]
}
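
A pre-deployment check for the constraints listed on this page, as an added example that is not part of the product documentation or its tooling. It assumes the keys in the Example Script (api_limit, user_limit, app_limit, ip_limit, specials, rules) correspond to the Max. API/User/App/IP Address Requests parameters, the excluded tenants and apps, and the parameter rules; lint_throttle_plugin and SAMPLE_BAD are hypothetical names.

```python
import json

MAX_CONTENT_CHARS = 65535    # page: plug-in content cannot exceed 65,535 characters
MAX_PARAMETER_RULES = 100    # page: a maximum of 100 parameter rules

def lint_throttle_plugin(content):
    """Return a list of documented constraints that the plug-in content violates."""
    problems = []
    if len(content) > MAX_CONTENT_CHARS:
        problems.append("content is %d characters, maximum is %d"
                        % (len(content), MAX_CONTENT_CHARS))
    cfg = json.loads(content)
    api, user = cfg.get("api_limit"), cfg.get("user_limit")

    def capped(name, value, cap_name, cap):
        # Compare only when both values are present in the content.
        if value is not None and cap is not None and value > cap:
            problems.append("%s (%s) exceeds %s (%s)" % (name, value, cap_name, cap))

    # Assumed mapping: *_limit keys correspond to the Max. ... Requests parameters.
    capped("user_limit", user, "api_limit", api)
    capped("app_limit", cfg.get("app_limit"), "user_limit", user)
    capped("ip_limit", cfg.get("ip_limit"), "api_limit", api)

    # Excluded tenants/apps: each threshold must stay within Max. API Requests.
    for special in cfg.get("specials", []):
        for policy in special.get("policies", []):
            label = "excluded %s %s limit" % (special.get("type"), policy.get("key"))
            capped(label, policy.get("limit"), "api_limit", api)

    rules = cfg.get("rules", [])
    if len(rules) > MAX_PARAMETER_RULES:
        problems.append("%d rules defined, maximum is %d" % (len(rules), MAX_PARAMETER_RULES))
    return problems

# Constructed sample with three violations (not taken from the page).
SAMPLE_BAD = json.dumps({
    "scope": "basic", "default_interval": 60, "default_time_unit": "second",
    "api_limit": 100, "user_limit": 50,
    "app_limit": 80,     # > user_limit
    "ip_limit": 200,     # > api_limit
    "specials": [{"type": "app", "policies": [{"key": "example-app-id", "limit": 500}]}],
})

if __name__ == "__main__":
    for problem in lint_throttle_plugin(SAMPLE_BAD):
        print("VIOLATION:", problem)
```

Running the same function over the Example Script above returns an empty list, since its limits satisfy every listed constraint.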