Contents

Popular
 Contents

Quota policy is used to configure the number of request messages that an application is allowed to submit to an API per hour/day/week/month.

Icon
  • The most logical part of the resource to which quota can be attached is the Proxy Request to immediately check the quota before allowing the message flow to continue.
  • To shield against overall traffic spikes, use Spike Arrest policy instead of Quota.

Configuration

The properties that have to be configured to use the policy are described below.


Figure 1: Quota Policy Configuration attributes

PropertyDescription

Quota

Specifies the number of request messages that an application is allowed to submit to an API per hour/day/week/month.
Quota Identifier

For the Quota policy to work, each application requires a unique identifier to be presented with each request. The identifier can be customized. It can be any HTTP header, query parameter, form parameter, or message content that is unique to each consumer application.

Weight

Assigns weight to specific messages to increase/decrease the impact of request messages over other messages. For example, it can consider POST messages twice as "heavy" or expensive as GET messages.

Implications to the Variable name in Client Subscription Properties

Icon

  • if Type=PARAMETER, the variable name to be mentioned in the Client Subscription should be specified with a prefix as below:

    Icon

    Refer to Example 1 which illustrates this.

  • If Type=CONTEXT_VARIABLE, the variable name to be mentioned in the Client Subscription should be the name as provided for CONTEXT_VARIABLE.

    Icon

    Refer to Example 3 which illustrates this.

Distributed optionThis option is used to fetch data from the distributed database (Cassandra). If disabled, it fetches data from the cache memory in the local machine.

Synchronous




 

Specifies that the remaining quota value gets updated after every call. This option is suggested when the quota value is a hard limit to the number of calls that can be made.

The Synchronous option gets enabled when the Distributed option is enabled.


Figure 2: Synchronous option that gets enabled on enabling the Distributed option.

Re-sync Interval

Specifies the time that the system waits for before rechecking the availability of quota for the user.

The Re-sync Interval option gets enabled when the Synchronous option is disabled.


Figure 3:  Re-sync Interval option that gets enabled on disabling the Synchronous option.

Advanced

This is the default option, which allows configuring all the properties described in the above table.

Click the Edit  button corresponding to the Quota, Quota Identifier, or Weight to configure Type, Variable Name, and Default Value.

Figure 4: Dialog box to choose Identifier Type

Icon

Refer to the Configuring Message Part Identifier section to configure these parameters.

Basic

Basic allows to set Quota and Quota Identifier values alone.


Figure 5: Quota and Quota Identifier properties to configure in the Basic option

Fetch from product corresponding to developer ID

With this option selected, it assumes the quota as configured in the Product Configuration for which the weight can be configured additionally.


Figure 6: Weight property to configure in the "Fetch from product corresponding to developer ID" option


Figure 7: Quota property values configured in the Product Configuration screen

Examples

Examples mentioned below illustrate some sample configurations and their implications on the request.

Example 1

Quota Policy can be configured in conjunction with Verify API key or Verify Access Token policies so that the details of the product, client, client subscription to which the API key/access token belongs can be used to apply the quota limits.

Context Variables provide a way to store temporary data inside a flow and then use it in subsequent parts of the flow. This is the most common mechanism of context sharing among policies in a project.

The Verify API key policy populates the following context variables, among others, which can be used in quota policy.

  • api.product.quota.allowed -The quota of the product corresponding to the client subscription to which the API key belongs.
  • api.developer.id - The ID of the developer to which the API key corresponds to.

So, when a quota policy is added after the Verify API Key policy, the following configuration will make sure that the values are fetched from the corresponding product and developer.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: Having the Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: Any value
  • Weight:
    • Type: PARAMETER

    • Name: weight (The name of the Query Parameter which needs to be used as the identifier) 

      Icon

      As Type is "PARAMETER", the variable name mentioned in the Client Subscription should be specified as below:


      Figure 8: Client Subscription Property variable name provided as the Weight variable name with prefix for variable type - PARAMETER

    • Default Value: 1


Figure 9: Quota policy properties with values provided in Example 1

This policy restricts the number of requests to 10 per hour for the project. If the number of requests exceeds the limit, then an error message appears such as the one below:


Figure 10: Error message that appears when the requests exceed the set limit

Example 2

The number of requests that have to be processed for a project is obtained by dividing 'Quota' by 'Weight'. As per the configuration below, Quota/Weight equals to ‘5’. Therefore, the maximum number of requests processed per hour is ‘5’.

  • Quota :
    • Type: CONSTANT
    • Default Value: 10/1/hour
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default
  • Weight:
    • Type: CONSTANT
    • DefaultValue: 2


Figure 11: Quota policy properties with values provided in Example 2

Example 3

As explained in Example 1, when a project has both Verify API Key/Verify access token and Quota policies configured, the details about the product, client, and client subscription will be populated automatically.  Consider the client subscription below.


Figure 12: Quota policy properties with values provided in Example 3

It is possible to assign a variable such as "subscription.weight" in the properties of the client subscriptions such that the most important subscription is provided the least weight.  Therefore, a product with a quota of 10 requests per hour and with a client whose subscription has weight 1 can send 10 requests per hour, while with a client whose subscription has weight 2 can send only 5 requests per hour.

  • Quota:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.product.quota.allowed
    • Default Value: 10/1/hour (Setting the quota value to 10 per hour). Having Verify API Key before the quota policy makes sure that the variable is populated.
  • Quota Identifier:
    • Type: CONTEXT_VARIABLE
    • Variable Name: api.developer.id
    • Default Value: default (any value)
  • Weight:
    • Type: CONTEXT_VARIABLE

    • Name: subscription.weight 

      Icon

      As Type is "CONTEXT_VARIABLE", the variable name mentioned in the Client Subscription (under Properties) is provided with the same name (subscription.weight) as displayed in the figure above.

    • Default Value: 1.

 

Adaptavist ThemeBuilder EngineAtlassian Confluence