Contents

Popular
 Contents

Quota policy is used to configure the number of request messages that an app is allowed to submit to an API per hour/day/week/month.

Icon
  • The most logical part of the resource to which quota can be attached is the Proxy Request to immediately check quota before allowing the message flow to continue.
  • To shield against overall traffic spikes, use Spike Arrest policy instead of Quota.

Configuration

The properties that have to be configured to use the policy are described below.


Figure 1: Quota Policy Configuration attributes

PropertyDescription

Quota

Specifies the number of request messages that an app is allowed to submit to an API per hour/day/week/month.
Quota Identifier

For the Quota policy to work, each app requires a unique identifier to present with each request. The identifier can be customized. It can be any HTTP header, query parameter, form parameter, or message content that is unique to each consumer app.

Weight

Assigns weight for specific messages to increase/decrease the impact of request messages than others, for example, to consider POST messages as being twice as "heavy" or expensive, as GET messages.

Distributed optionSelect this option to fetch data from distributed database (Cassandra). If disabled, it fetches data from cache memory in the local machine.
Icon

When you click Edit  button corresponding to the Quota, Quota Identifier or Weight, you get options to configure Type, Variable Name and Default Value.

Figure 2: Dialog box to choose Identifier Type

Refer  Configuring Message Part Identifier section to configure these parameters.

Examples

Examples mentioned below illustrate some sample configurations and its implications on the request.

Example 1

Quota Policy can be configured in conjunction with Verify API key or Verify Access Token policies so that the details of the product, client, client subscription to which the API key/access token belongs to can be used for applying the quota limits.

Context Variables provide a way to store temporary data inside a flow and then use it in the subsequent parts of the flow. This is the most common mechanism of context sharing among policies in a project.

The Verify API key policy populates the following context variables, among others, which can be used in quota policy.

  • api.product.quota.allowed -The quota of the product corresponding to the client subscription for which the API key belongs to.
  • api.developer.id - The ID of the developer to which the API key correspond to.

So when a quota policy is added after Verify API Key policy the following configuration will make sure that the values are fetched from corresponding product and developer.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: This can be anything for this example since having Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: can be any value
  • Quota Identifier:
    • Type: PARAMETER
    • Name: weight (The name of the query parameter which needs to be used as the identifier)
    • Default Value: 1


Figure 3: Quota policy properties with values provided in Example 1

This policy restricts the number of requests to 10 per hour for this project. If the number of requests exceed, then an error message appears as below:


Figure 4: Error message that appears when the requests exceed the set limit

Example 2

Number of requests that have to be processed for a project is obtained by dividing 'Weight' with 'Quota'. As per the below configuration, Quota/Weight equals to ‘5’. So, the maximum number of requests which will be processed per hour is ‘5’.

  • Quota :
    • Type: COSTANT
    • Default Value: 10/1/hour
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default
  • Weight:
    • Type: COSTANT
    • DefaultValue: 2


Figure 5: Quota policy properties with values provided in Example 2

Example 3

As explained in the example 1, when a project has both Verify API Key/Verify access token and Quota policies configured, the details about the product, client and client subscription will be populated automatically.  Consider the client subscription below.


Figure 6: Quota policy properties with values provided in Example 3

In cases like this, it is possible to assign a variable, say subscription.weight in the properties of the client subscriptions such that the most important subscription is provided the least weight.  So with a product with quota 10 requests per hour, a client whose subscription has weight 1 can send 10 requests and a client with weight 2 can send only 5 in an hour.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: 10/1/hour (Setting the quota value to 10 per hour). This can be anything for this example since having Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default (can be any value)
  • Weight Identifier:
    • Type: CONTEXT_VARIABLE
    • Name: subscription.weight
    • Default Value: 1.
Adaptavist ThemeBuilder EngineAtlassian Confluence