Ana içeriğe geç

Create RLCL

Endpoint

POST /apiops/projects/{projectName}/rlcl/

Authentication

Requires a Personal API Access Token.

Authorization: Bearer YOUR_TOKEN

Request

Headers

HeaderValueRequired
AuthorizationBearer {token}Yes
Content-Typeapplication/jsonYes

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name

Request Body

Full JSON Body Example - Basic RLCL

{
"name": "PremiumUserRLCL",
"description": "Rate limit for premium users",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": false,
"targetVariable": null
}

Full JSON Body Example - RLCL with Target Variable

{
"name": "IPBasedRLCL",
"description": "Rate limit based on IP address",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 5,
"cacheErrorHandlingType": "CONTINUE",
"timeIntervalWindowType": "SLIDING",
"showRateLimitStatisticsInResponseHeader": true,
"targetVariable": {
"name": "clientIp",
"type": "CONTEXT_VALUES",
"contextValue": "REQUEST_REMOTE_ADDRESS"
}
}

Full JSON Body Example - RLCL with Target Audience and General Quota

{
"name": "TargetedRLCL",
"description": "Rate limit premium users; apply a general quota to everyone else",
"enabled": true,
"identitySource": "VARIABLE",
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": true,
"targetVariable": {
"name": "clientApiKey",
"type": "HEADER",
"headerName": "X-API-Key"
},
"targetAudienceRuleList": [
{ "operator": "STARTS_WITH", "value": "premium-" },
{ "operator": "EQ", "value": "vip-customer" }
],
"outOfTargetAction": "GENERAL_QUOTA",
"generalQuotaMode": "PER_IDENTITY",
"generalQuotaPermittedMessageCount": 100,
"generalQuotaTimeIntervalPeriodLength": 1,
"generalQuotaTimeInterval": "ONE_MINUTE"
}

Request Body Fields

FieldTypeRequiredDefaultDescription
namestringYes-RLCL name (unique identifier within project)
descriptionstringNo-RLCL description
enabledbooleanNotrueWhether the RLCL is enabled
executionOrderstringNoBEFORE_API_PROXYExecution position in the request policy flow. See EnumExecutionOrder
cacheConnectionTimeoutInSecondsintegerNo3Cache connection timeout in seconds
cacheErrorHandlingTypestringNoFAILCache error handling type. See EnumCacheErrorHandlingType
timeIntervalWindowTypestringNoFIXEDTime interval window type. See EnumIntervalWindowType
showRateLimitStatisticsInResponseHeaderbooleanNofalseShow rate limit statistics in response header
targetVariableobject|nullNonullTarget variable for rate limiting (used when identitySource=VARIABLE). See Variable Object
identitySourcestringNoVARIABLEHow the request identity is resolved. See EnumRateLimitIdentitySource
targetAudienceRuleListarrayNo[]Target audience rules (operator + value), evaluated with OR logic. See Target Audience Rule Object
outOfTargetActionstringNoBLOCKBehaviour for requests outside the target audience. See EnumRateLimitOutOfTargetAction
generalQuotaModestringNoTOTALGeneral quota mode (used when outOfTargetAction=GENERAL_QUOTA). See EnumRateLimitGeneralQuotaMode
generalQuotaPermittedMessageCountintegerNo*-Permitted message count for the general quota (required if outOfTargetAction=GENERAL_QUOTA, must be > 0)
generalQuotaTimeIntervalPeriodLengthintegerNo*-Time interval period length for the general quota (required if outOfTargetAction=GENERAL_QUOTA, must be > 0)
generalQuotaTimeIntervalstringNo*-Time interval unit for the general quota (required if outOfTargetAction=GENERAL_QUOTA). See EnumRateLimitTimeInterval

EnumExecutionOrder (executionOrder)

The execution position in the request policy flow. The flow is: proxy group policies → API proxy policies → API method policies → backend routing.

  • BEFORE_PROXY_GROUP - Run before the proxy group policies
  • AFTER_PROXY_GROUP - Run after the proxy group policies (same position as BEFORE_API_PROXY)
  • BEFORE_API_PROXY - Run before the API proxy policies (default; same position as AFTER_PROXY_GROUP)
  • AFTER_API_PROXY - Run after the API proxy policies (same position as BEFORE_API_METHOD)
  • BEFORE_API_METHOD - Run before the API method policies (same position as AFTER_API_PROXY)
  • AFTER_API_METHOD - Run after the API method policies
  • FIRST - Deprecated. Equivalent to BEFORE_API_METHOD. Kept for backward compatibility
  • LAST - Deprecated. Equivalent to AFTER_API_METHOD. Kept for backward compatibility

EnumCacheErrorHandlingType (cacheErrorHandlingType)

  • FAIL - Fail the request if cache error occurs
  • CONTINUE - Continue processing if cache error occurs

EnumIntervalWindowType (timeIntervalWindowType)

  • FIXED - Fixed time interval window
  • SLIDING - Sliding time interval window

EnumRateLimitIdentitySource (identitySource)

  • VARIABLE - Identity is resolved from the configured targetVariable (e.g. IP address, user, or API key)
  • AUTH_RESOLVED - Identity is taken from the username/key resolved by the authentication policy. When selected, executionOrder is forced to AFTER_API_METHOD and targetVariable is ignored (the API must have an authentication policy that runs before this position)

EnumRateLimitOutOfTargetAction (outOfTargetAction)

  • BLOCK - Requests outside the target audience are blocked
  • GENERAL_QUOTA - A general quota is applied to requests outside the target audience

EnumRateLimitGeneralQuotaMode (generalQuotaMode)

  • TOTAL - All out-of-target requests share a single common counter
  • PER_IDENTITY - Each out-of-target identity is counted separately

EnumRateLimitTimeInterval (generalQuotaTimeInterval)

  • ONE_SECOND
  • ONE_MINUTE
  • ONE_HOUR
  • ONE_DAY
  • ONE_MONTH

Variable Object (targetVariable)

See Variable Definition for complete variable documentation.

FieldTypeRequiredDescription
namestringYesVariable name (unique identifier)
descriptionstringNoVariable description
typestringYesVariable type. See Variable Types
headerNamestringNo*Header name (required if type=HEADER)
paramTypestringNo*Parameter type (required if type=PARAMETER). See EnumVariableParameterType
paramNamestringNo*Parameter name (required if type=PARAMETER)
paramPathstringNo*Parameter path template (required if type=PARAMETER and paramType=PATH)
formNamestringNoForm field name (optional, used if paramType=FORM)
messageContentTypestringNo*Message content type (required if type=BODY). See EnumMessageContentType
xpathValuestringNo*XPath expression (required if type=BODY and messageContentType=XML)
jsonPathValuestringNo*JsonPath expression (required if type=BODY and messageContentType=JSON)
contextValuestringNo*Context value (required if type=CONTEXT_VALUES). See EnumVariableContextValue
zoneIdstringNo*Time zone ID (required for date/time context values)
initWithScriptbooleanNofalse
scriptLanguagestringNo*Script language (required if type=CUSTOM or initWithScript=true). See EnumScriptType
scriptBodystringNo*Script body (required if type=CUSTOM or initWithScript=true)

Target Audience Rule Object (targetAudienceRuleList)

Each rule compares the resolved identity value against a literal value using a single operator. Rules are evaluated with OR logic: a request is in the target audience when at least one rule matches (or the identity is in the target credentials list).

FieldTypeRequiredDescription
operatorstringYesComparison operator. Common values: EQ, NE, EQ_IGNORE_CASE, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH, IN, NOT_IN (and their _IGNORE_CASE variants)
valuestringYesValue to compare the resolved identity against (for IN/NOT_IN, a delimiter-separated list)

Notes

  • name must be unique within the project
  • name must not be empty
  • RLCL is created empty (no credentials or endpoints)
  • Use Add Credentials and Add Endpoints endpoints to configure the RLCL
  • When identitySource is AUTH_RESOLVED, executionOrder is automatically set to AFTER_API_METHOD and targetVariable is ignored
  • Each targetAudienceRuleList entry must have a non-null operator and a non-empty value
  • When outOfTargetAction is GENERAL_QUOTA, generalQuotaPermittedMessageCount and generalQuotaTimeIntervalPeriodLength must be greater than 0 and generalQuotaTimeInterval is required

Response

Success Response (200 OK)

{
"success": true
}

Error Response (400 Bad Request)

{
"error": "bad_request",
"error_description": "name value can not be empty!"
}

or

{
"error": "bad_request",
"error_description": "An RLCL with same name (PremiumUserRLCL) already exists in project!"
}

or

{
"error": "bad_request",
"error_description": "generalQuotaPermittedMessageCount must be greater than 0 when outOfTargetAction is GENERAL_QUOTA!"
}

cURL Example

curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/rlcl/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "PremiumUserRLCL",
"description": "Rate limit for premium users",
"enabled": true,
"executionOrder": "BEFORE_API_PROXY",
"cacheConnectionTimeoutInSeconds": 3,
"cacheErrorHandlingType": "FAIL",
"timeIntervalWindowType": "FIXED",
"showRateLimitStatisticsInResponseHeader": false
}'

Notes and Warnings

  • Name Uniqueness:
    • RLCL name must be unique within the project
    • If name already exists, creation will fail
  • Empty RLCL:
    • RLCL is created empty (no credentials or endpoints)
    • Use Add Credentials and Add Endpoints endpoints to configure
  • Target Variable:
    • Target variable defines what to rate limit (e.g., IP address, user ID)
    • If null, rate limiting is applied per credential

Permissions

  • User must have IDENTITY + MANAGE permission in the project