Contents

Popular
 Contents

Quota policy is used to configure the number of request messages that an application is allowed to submit to an API per hour/day/week/month.

Icon
  • The most logical part of the resource to which quota can be attached is the Proxy Request to immediately check the quota before allowing the message flow to continue.
  • To shield against overall traffic spikes, use Spike Arrest policy instead of Quota.

Configuration

The properties that have to be configured to use the policy are described below.


Figure 1: Quota Policy Configuration attributes

PropertyDescription

Quota

Specifies the number of request messages that an application is allowed to submit to an API per hour/day/week/month.
Quota Identifier

For the Quota policy to work, each application requires a unique identifier to be presented with each request. The identifier can be customized. It can be any HTTP header, query parameter, form parameter, or message content that is unique to each consumer application.

Weight

Assigns weight for specific messages to increase/decrease the impact of request messages over other messages. For example, it can consider POST messages twice as "heavy" or expensive as GET messages.

Distributed optionThis option is used to fetch data from the distributed database (Cassandra). If disabled, it fetches data from the cache memory in the local machine.
Icon

Click the Edit  button corresponding to the Quota, Quota Identifier, or Weight to configure Type, Variable Name, and Default Value.

Figure 2: Dialog box to choose Identifier Type

Refer to the Configuring Message Part Identifier section to configure these parameters.

Examples

Examples mentioned below illustrate some sample configurations and their implications on the request.

Example 1

Quota Policy can be configured in conjunction with Verify API key or Verify Access Token policies so that the details of the product, client, client subscription to which the API key/access token belongs can be used to apply the quota limits.

Context Variables provide a way to store temporary data inside a flow and then use it in subsequent parts of the flow. This is the most common mechanism of context sharing among policies in a project.

The Verify API key policy populates the following context variables, among others, which can be used in quota policy.

  • api.product.quota.allowed -The quota of the product corresponding to the client subscription to which the API key belongs.
  • api.developer.id - The ID of the developer to which the API key correspond to.

So when a quota policy is added after Verify API Key policy the following configuration will make sure that the values are fetched from the corresponding product and developer.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: Having the Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: Any value
  • Quota Identifier:
    • Type: PARAMETER
    • Name: weight (The name of the Query Parameter which needs to be used as the identifier)
    • Default Value: 1


Figure 3: Quota policy properties with values provided in Example 1

This policy restricts the number of requests to 10 per hour for the project. If the number of requests exceed the limit, then an error message appears such as the one below:


Figure 4: Error message that appears when the requests exceed the set limit

Example 2

The number of requests that have to be processed for a project is obtained by dividing 'Weight' with 'Quota'. As per the configuration below, Quota/Weight equals to ‘5’. Therefore, the maximum number of requests processed per hour is ‘5’.

  • Quota :
    • Type: COSTANT
    • Default Value: 10/1/hour
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default
  • Weight:
    • Type: COSTANT
    • DefaultValue: 2


Figure 5: Quota policy properties with values provided in Example 2

Example 3

As explained in Example 1, when a project has both Verify API Key/Verify access token and Quota policies configured, the details about the product, client, and client subscription will be populated automatically.  Consider the client subscription below.


Figure 6: Quota policy properties with values provided in Example 3

It is possible to assign a variable such as subscription.weight in the properties of the client subscriptions such that the most important subscription is provided the least weight.  Therefore, a product with a quota of 10 requests per hour and with a client whose subscription has weight 1 can send 10 requests per hour, while with a client whose subscription has weight 2 can send only 5 requests per hour.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: 10/1/hour (Setting the quota value to 10 per hour). Having Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default (any value)
  • Weight Identifier:
    • Type: CONTEXT_VARIABLE
    • Name: subscription.weight
    • Default Value: 1.
Adaptavist ThemeBuilder EngineAtlassian Confluence