Rate Limit Control List
With this policy, the following settings can be configured for each API and endpoint:
Permitted Message Count: The maximum number of requests allowed within the specified time interval.
Time Interval Period Length: The length of the time interval.
Time Interval: The unit of the time interval (second, minute, hour, day, month).
Rate limit control works as follows:
When a request is received, the target variable (e.g., IP address) is retrieved.
This value is checked against the target identity list.
If the value is in the target identity list or matches via regex, rate limiting is applied for the relevant endpoint.
If the user has exceeded the limit, the request is rejected; otherwise, it proceeds.
While responding to the request, if configured, rate limit statistics are added to the response headers.
This configuration provides a powerful mechanism to protect your APIs from overuse and to define different usage limits for different users.
The image below shows the settings of the Rate Limit Control List page:
The fields used for rate limit configuration are shown in the table below.
Field | Description |
---|---|
Name | A name can be given to make the configuration easier to use and manage. You'll need this name when selecting or managing the configuration. |
Description | A description can be provided to clarify the purpose and context of the configuration. |
Execution Order | Determines when the rate limit policy is applied. Rate limit controls always execute after the policies on the "ALL" path; when "FIRST" is selected, the policy is applied before the other policies on the endpoint, and when "LAST" is selected, it is applied after the other policies on the endpoint. |
| It determines the type of time interval to be used in rate limit calculations. It can take the values FIXED or SLIDING. When FIXED is selected, a fixed number of requests are accepted within a specific period (e.g., at the beginning of each hour). When SLIDING is selected, the number of requests within a certain recent period (e.g., the last hour) is taken into account. |
| It specifies the maximum duration to wait in seconds when connecting to the cache service. |
| It determines the maximum time to wait in seconds when establishing a connection to the cache service. |
Show Rate Limit Statistics in Response Header | Determines whether to include rate limit stats in the response headers. If set to TRUE, headers like X-RateLimit-Remaining, X-RateLimit-Limit, X-RateLimit-Reset, X-RateLimit-Identity, and X-RateLimit-Type are added. |
| Determines the variable used to identify the user or client to which the rate limit will be applied. This can be, for example, an IP address, user ID, or API key. The value of this variable is used for identification. |
Regular Expressions for Target Credentials | Regular expressions used to match specific identity values in a flexible way. |
Target Credentials | A list of specific identity values to which the rate limit policy will apply. |
APIs and Endpoints | A list of APIs and endpoints to which the rate limit policy is applied. |
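
The flow described under "Rate limit control works as follows" and the FIXED and SLIDING interval types from the table can be modelled in a few lines of Python. This is an added example, not the product's own code. The names `RateLimiter`, `replay` and `BURST`, the in-memory counters standing in for the cache service, the full-string regex match, and the header value formats are all assumptions.

```python
import re
from collections import defaultdict, deque

class RateLimiter:
    """Illustrative model of the documented flow; in-memory state replaces the cache service."""
    def __init__(self, limit, period_s, window="FIXED", targets=(), target_regexes=()):
        self.limit, self.period, self.window = limit, period_s, window
        self.targets = set(targets)                       # exact target identity values
        self.regexes = [re.compile(p) for p in target_regexes]
        self.fixed = {}                                   # identity -> (window index, count)
        self.sliding = defaultdict(deque)                 # identity -> accepted timestamps

    def applies_to(self, identity):
        # Assumption: a regex must match the whole identity value.
        return identity in self.targets or any(r.fullmatch(identity) for r in self.regexes)

    def check(self, identity, now):
        """Return (allowed, headers); `now` is a timestamp in seconds."""
        if not self.applies_to(identity):
            return True, {}                               # not a target: no limit applied
        if self.window == "FIXED":
            idx = int(now // self.period)                 # counter resets at each boundary
            win, count = self.fixed.get(identity, (idx, 0))
            if win != idx:
                count = 0
            allowed = count < self.limit
            count += allowed
            self.fixed[identity] = (idx, count)
            reset = (idx + 1) * self.period
        else:                                             # SLIDING: look back one full period
            q = self.sliding[identity]
            while q and q[0] <= now - self.period:
                q.popleft()
            allowed = len(q) < self.limit
            if allowed:
                q.append(now)
            count = len(q)
            reset = q[0] + self.period if q else now
        headers = {"X-RateLimit-Limit": str(self.limit),
                   "X-RateLimit-Remaining": str(self.limit - count),
                   "X-RateLimit-Reset": str(int(reset)),  # assumed format: timestamp in seconds
                   "X-RateLimit-Identity": identity,
                   "X-RateLimit-Type": self.window}
        return allowed, headers

BURST = [58, 59, 59.5, 60, 61, 62]  # constructed timestamps straddling a 60 s boundary

def replay(window, times, identity="10.0.0.7"):
    rl = RateLimiter(3, 60, window, target_regexes=[r"10\.0\.0\.\d+"])
    return [rl.check(identity, t)[0] for t in times]
```

Replaying `BURST` with a limit of 3 per 60 seconds, FIXED accepts all six requests within about four seconds because the counter resets at the boundary, while SLIDING rejects the last three. When choosing the interval type, size the permitted message count with that boundary behaviour in mind.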