Create RLCL
Endpoint
POST /apiops/projects/{projectName}/rlcl/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
Request Body
Full JSON Body Example - Basic RLCL
{
"name": "PremiumUserRLCL",
"description": "Rate limit for premium users",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": false,
"targetVariable": null
}
Full JSON Body Example - RLCL with Target Variable
{
"name": "IPBasedRLCL",
"description": "Rate limit based on IP address",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 5,
"cacheErrorHandlingType": "CONTINUE",
"timeIntervalWindowType": "SLIDING",
"showRateLimitStatisticsInResponseHeader": true,
"targetVariable": {
"name": "clientIp",
"type": "CONTEXT_VALUES",
"contextValue": "REQUEST_REMOTE_ADDRESS"
}
}
Full JSON Body Example - RLCL with Target Audience and General Quota
{
"name": "TargetedRLCL",
"description": "Rate limit premium users; apply a general quota to everyone else",
"enabled": true,
"identitySource": "VARIABLE",
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": true,
"targetVariable": {
"name": "clientApiKey",
"type": "HEADER",
"headerName": "X-API-Key"
},
"targetAudienceRuleList": [
{ "operator": "STARTS_WITH", "value": "premium-" },
{ "operator": "EQ", "value": "vip-customer" }
],
"outOfTargetAction": "GENERAL_QUOTA",
"generalQuotaMode": "PER_IDENTITY",
"generalQuotaPermittedMessageCount": 100,
"generalQuotaTimeIntervalPeriodLength": 1,
"generalQuotaTimeInterval": "ONE_MINUTE"
}
Request Body Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | - | RLCL name (unique identifier within project) |
| description | string | No | - | RLCL description |
| enabled | boolean | No | true | Whether the RLCL is enabled |
| executionOrder | string | No | BEFORE_API_PROXY | Execution position in the request policy flow. See EnumExecutionOrder |
| cacheConnectionTimeoutInSeconds | integer | No | 3 | Cache connection timeout in seconds |
| cacheErrorHandlingType | string | No | FAIL | Cache error handling type. See EnumCacheErrorHandlingType |
| timeIntervalWindowType | string | No | FIXED | Time interval window type. See EnumIntervalWindowType |
| showRateLimitStatisticsInResponseHeader | boolean | No | false | Show rate limit statistics in response header |
| targetVariable | object|null | No | null | Target variable for rate limiting (used when identitySource=VARIABLE). See Variable Object |
| identitySource | string | No | VARIABLE | How the request identity is resolved. See EnumRateLimitIdentitySource |
| targetAudienceRuleList | array | No | [] | Target audience rules (operator + value), evaluated with OR logic. See Target Audience Rule Object |
| outOfTargetAction | string | No | BLOCK | Behaviour for requests outside the target audience. See EnumRateLimitOutOfTargetAction |
| generalQuotaMode | string | No | TOTAL | General quota mode (used when outOfTargetAction=GENERAL_QUOTA). See EnumRateLimitGeneralQuotaMode |
| generalQuotaPermittedMessageCount | integer | No* | - | Permitted message count for the general quota (required if outOfTargetAction=GENERAL_QUOTA, must be > 0) |
| generalQuotaTimeIntervalPeriodLength | integer | No* | - | Time interval period length for the general quota (required if outOfTargetAction=GENERAL_QUOTA, must be > 0) |
| generalQuotaTimeInterval | string | No* | - | Time interval unit for the general quota (required if outOfTargetAction=GENERAL_QUOTA). See EnumRateLimitTimeInterval |
EnumExecutionOrder (executionOrder)
The execution position in the request policy flow. The flow is: proxy group policies → API proxy policies → API method policies → backend routing.
BEFORE_PROXY_GROUP- Run before the proxy group policiesAFTER_PROXY_GROUP- Run after the proxy group policies (same position asBEFORE_API_PROXY)BEFORE_API_PROXY- Run before the API proxy policies (default; same position asAFTER_PROXY_GROUP)AFTER_API_PROXY- Run after the API proxy policies (same position asBEFORE_API_METHOD)BEFORE_API_METHOD- Run before the API method policies (same position asAFTER_API_PROXY)AFTER_API_METHOD- Run after the API method policiesFIRST- Deprecated. Equivalent toBEFORE_API_METHOD. Kept for backward compatibilityLAST- Deprecated. Equivalent toAFTER_API_METHOD. Kept for backward compatibility
EnumCacheErrorHandlingType (cacheErrorHandlingType)
FAIL- Fail the request if cache error occursCONTINUE- Continue processing if cache error occurs
EnumIntervalWindowType (timeIntervalWindowType)
FIXED- Fixed time interval windowSLIDING- Sliding time interval window
EnumRateLimitIdentitySource (identitySource)
VARIABLE- Identity is resolved from the configuredtargetVariable(e.g. IP address, user, or API key)AUTH_RESOLVED- Identity is taken from the username/key resolved by the authentication policy. When selected,executionOrderis forced toAFTER_API_METHODandtargetVariableis ignored (the API must have an authentication policy that runs before this position)
EnumRateLimitOutOfTargetAction (outOfTargetAction)
BLOCK- Requests outside the target audience are blockedGENERAL_QUOTA- A general quota is applied to requests outside the target audience
EnumRateLimitGeneralQuotaMode (generalQuotaMode)
TOTAL- All out-of-target requests share a single common counterPER_IDENTITY- Each out-of-target identity is counted separately
EnumRateLimitTimeInterval (generalQuotaTimeInterval)
ONE_SECONDONE_MINUTEONE_HOURONE_DAYONE_MONTH
Variable Object (targetVariable)
See Variable Definition for complete variable documentation.
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Variable name (unique identifier) |
| description | string | No | Variable description |
| type | string | Yes | Variable type. See Variable Types |
| headerName | string | No* | Header name (required if type=HEADER) |
| paramType | string | No* | Parameter type (required if type=PARAMETER). See EnumVariableParameterType |
| paramName | string | No* | Parameter name (required if type=PARAMETER) |
| paramPath | string | No* | Parameter path template (required if type=PARAMETER and paramType=PATH) |
| formName | string | No | Form field name (optional, used if paramType=FORM) |
| messageContentType | string | No* | Message content type (required if type=BODY). See EnumMessageContentType |
| xpathValue | string | No* | XPath expression (required if type=BODY and messageContentType=XML) |
| jsonPathValue | string | No* | JsonPath expression (required if type=BODY and messageContentType=JSON) |
| contextValue | string | No* | Context value (required if type=CONTEXT_VALUES). See EnumVariableContextValue |
| zoneId | string | No* | Time zone ID (required for date/time context values) |
| initWithScript | boolean | No | false |
| scriptLanguage | string | No* | Script language (required if type=CUSTOM or initWithScript=true). See EnumScriptType |
| scriptBody | string | No* | Script body (required if type=CUSTOM or initWithScript=true) |
Target Audience Rule Object (targetAudienceRuleList)
Each rule compares the resolved identity value against a literal value using a single operator. Rules are evaluated with OR logic: a request is in the target audience when at least one rule matches (or the identity is in the target credentials list).
| Field | Type | Required | Description |
|---|---|---|---|
| operator | string | Yes | Comparison operator. Common values: EQ, NE, EQ_IGNORE_CASE, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH, IN, NOT_IN (and their _IGNORE_CASE variants) |
| value | string | Yes | Value to compare the resolved identity against (for IN/NOT_IN, a delimiter-separated list) |
Notes
namemust be unique within the projectnamemust not be empty- RLCL is created empty (no credentials or endpoints)
- Use Add Credentials and Add Endpoints endpoints to configure the RLCL
- When
identitySourceisAUTH_RESOLVED,executionOrderis automatically set toAFTER_API_METHODandtargetVariableis ignored - Each
targetAudienceRuleListentry must have a non-nulloperatorand a non-emptyvalue - When
outOfTargetActionisGENERAL_QUOTA,generalQuotaPermittedMessageCountandgeneralQuotaTimeIntervalPeriodLengthmust be greater than 0 andgeneralQuotaTimeIntervalis required
Response
Success Response (200 OK)
{
"success": true
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "name value can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "An RLCL with same name (PremiumUserRLCL) already exists in project!"
}
or
{
"error": "bad_request",
"error_description": "generalQuotaPermittedMessageCount must be greater than 0 when outOfTargetAction is GENERAL_QUOTA!"
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/rlcl/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "PremiumUserRLCL",
"description": "Rate limit for premium users",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": false
}'
Notes and Warnings
- Name Uniqueness:
- RLCL name must be unique within the project
- If name already exists, creation will fail
- Empty RLCL:
- RLCL is created empty (no credentials or endpoints)
- Use Add Credentials and Add Endpoints endpoints to configure
- Target Variable:
- Target variable defines what to rate limit (e.g., IP address, user ID)
- If null, rate limiting is applied per credential
Permissions
- User must have
IDENTITY+MANAGEpermission in the project
Related Documentation
- Update RLCL - Update an RLCL
- Add Credentials - Add credentials to RLCL
- Add Endpoints - Add endpoints to RLCL