Ana içeriğe atla

General Information

Policy Type

policy-api-based-throttling

UI Documentation

📖 For detailed information: [UI Documentation Link - Link will be added here]

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-api-based-throttling",
            "name": "throttling-policy",
            "description": "API throttling policy",
            "active": true,
            "targetVariableForIdentity": {
              "type": "HEADER",
              "headerName": "X-API-Key"
            },
            "messageCountForInterval": 100,
            "throttlingInterval": "ONE_MINUTE",
            "intervalPeriodLength": 1,
            "intervalWindowType": "FIXED",
            "cacheConnectionTimeoutInSeconds": 3,
            "cacheErrorHandlingType": "FAIL",
            "showRateLimitStatisticsInResponseHeader": false
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-based-throttling",
    "description": "API throttling policy - 100 requests per minute",
    "active": true,
    "targetVariableForIdentity": {
      "type": "HEADER",
      "headerName": "X-API-Key"
    },
    "messageCountForInterval": 100,
    "throttlingInterval": "ONE_MINUTE",
    "intervalPeriodLength": 1,
    "intervalWindowType": "FIXED",
    "cacheConnectionTimeoutInSeconds": 3,
    "cacheErrorHandlingType": "FAIL",
    "showRateLimitStatisticsInResponseHeader": true,
    "detailList": [
      {
        "targetValue": "VIP",
        "regexExpression": false,
        "messageCountForInterval": 1000,
        "intervalPeriodLength": 1,
        "quotaInterval": "ONE_MINUTE"
      }
    ]
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-api-based-throttling
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
targetVariableForIdentityobjectYes-Variable to identify clients for throttling
messageCountForIntervalintegerYes-Maximum number of requests allowed in interval
throttlingIntervalstringYes-Time interval for throttling
intervalPeriodLengthintegerNo1Period length multiplier
intervalWindowTypestringNoFIXEDWindow type: FIXED or SLIDING
cacheConnectionTimeoutInSecondsintegerNo3Cache connection timeout
cacheErrorHandlingTypestringNoFAILCache error handling: FAIL or ALLOW
showRateLimitStatisticsInResponseHeaderbooleanNofalseShow rate limit stats in response headers
detailListarrayNo[]List of detail rules for specific values
Enum: throttlingInterval
  • ONE_SECOND - 1 second
  • ONE_MINUTE - 1 minute
  • ONE_HOUR - 1 hour
  • ONE_DAY - 1 day
Enum: intervalWindowType
  • FIXED - Fixed time window
  • SLIDING - Sliding time window
Enum: cacheErrorHandlingType
  • FAIL - Fail request if cache error occurs
  • ALLOW - Allow request if cache error occurs
targetVariableForIdentity
See Variable Definition for complete variable documentation.
FieldTypeRequiredDescription
namestringYesVariable name (e.g., “client.ip”, “request.header.X-API-Key”)
typestringYesVariable type. See Variable Types
headerNamestringNo*Header name (required if type=HEADER)
paramTypestringNo*Parameter type (required if type=PARAMETER). See EnumVariableParameterType
paramNamestringNo*Parameter name (required if type=PARAMETER)
paramPathstringNo*Parameter path template (required if type=PARAMETER and paramType=PATH)
messageContentTypestringNo*Message content type (required if type=BODY). See EnumMessageContentType
xpathValuestringNo*XPath expression (required if type=BODY and messageContentType=XML)
jsonPathValuestringNo*JsonPath expression (required if type=BODY and messageContentType=JSON)
contextValuestringNo*Context value (required if type=CONTEXT_VALUES). See EnumVariableContextValue
zoneIdstringNo*Time zone ID (required for date/time context values)
scriptLanguagestringNo*Script language (required if type=CUSTOM)
scriptBodystringNo*Script body (required if type=CUSTOM)

Variable Types

  • HEADER - Extract from HTTP header
  • PARAMETER - Extract from query/path/form parameter
  • BODY - Extract from request body (XML, JSON, or raw)
  • CONTEXT_VALUES - Extract from system context values (e.g., CLIENT_IP, REQUEST_URI)
  • CUSTOM - Extract using custom script

Common Context Values

  • REQUEST_REMOTE_ADDRESS - Client IP address
  • REQUEST_REQUEST_URI - Request URI
  • REQUEST_HTTP_METHOD - HTTP method
  • REQUEST_USERNAME_KEY - Username or key
For complete list of context values, see EnumVariableContextValue.
detailList (Optional)
FieldTypeRequiredDefaultDescription
targetValuestringYes-Target value to match (e.g., “VIP”)
regexExpressionbooleanNofalseWhether targetValue is regex
messageCountForIntervalintegerYes-Message count for this detail
intervalPeriodLengthintegerNo1Period length multiplier
quotaIntervalstringYes-Time interval for this detail

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/throttling-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-based-throttling",
      "description": "API throttling policy - 100 requests per minute",
      "active": true,
      "targetVariableForIdentity": {
        "type": "HEADER",
        "headerName": "X-API-Key"
      },
      "messageCountForInterval": 100,
      "throttlingInterval": "ONE_MINUTE",
      "intervalPeriodLength": 1,
      "intervalWindowType": "FIXED",
      "cacheConnectionTimeoutInSeconds": 3,
      "cacheErrorHandlingType": "FAIL",
      "showRateLimitStatisticsInResponseHeader": true
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-based-throttling",
    "description": "Updated API throttling policy - 200 requests per minute",
    "active": true,
    "targetVariableForIdentity": {
      "type": "HEADER",
      "headerName": "X-API-Key"
    },
    "messageCountForInterval": 200,
    "throttlingInterval": "ONE_MINUTE",
    "intervalPeriodLength": 1,
    "intervalWindowType": "FIXED",
    "cacheConnectionTimeoutInSeconds": 5,
    "cacheErrorHandlingType": "FAIL",
    "showRateLimitStatisticsInResponseHeader": true,
    "detailList": [
      {
        "targetValue": "VIP",
        "regexExpression": false,
        "messageCountForInterval": 2000,
        "intervalPeriodLength": 1,
        "quotaInterval": "ONE_MINUTE"
      }
    ]
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/throttling-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-based-throttling",
      "description": "Updated API throttling policy - 200 requests per minute",
      "active": true,
      "targetVariableForIdentity": {
        "type": "HEADER",
        "headerName": "X-API-Key"
      },
      "messageCountForInterval": 200,
      "throttlingInterval": "ONE_MINUTE",
      "intervalPeriodLength": 1,
      "intervalWindowType": "FIXED",
      "cacheConnectionTimeoutInSeconds": 5,
      "cacheErrorHandlingType": "FAIL",
      "showRateLimitStatisticsInResponseHeader": true
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNofalseWhether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/throttling-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

  • Cache Dependency: This policy requires a cache connection. Ensure cache is properly configured.
  • Identity Variable: Choose the identity variable carefully. Common choices:
    • HEADER with API key header - For API key-based throttling
    • CONTEXT with CLIENT_IP - For IP-based throttling
    • PARAMETER with user ID - For user-based throttling
  • Window Types:
    • FIXED - Fixed time windows (e.g., minute 1:00-1:59)
    • SLIDING - Sliding time windows (last 60 seconds from current time)
  • Detail List: Use detailList to provide different limits for specific values (e.g., VIP users)
  • Rate Limit Headers: When showRateLimitStatisticsInResponseHeader is true, response includes:
    • X-RateLimit-Limit - Maximum requests allowed
    • X-RateLimit-Remaining - Remaining requests in current window
    • X-RateLimit-Reset - Time when limit resets
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.