Quota
Quota policy is used to configure the number of request messages that an application is allowed to submit to an API per hour/day/week/month.
- The most logical part of the resource to which quota can be attached is the Proxy Request to immediately check the quota before allowing the message flow to continue.
- To shield against overall traffic spikes, use Spike Arrest policy instead of Quota.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: Quota Policy Configuration attributes
Property | Description |
Quota Policy Type | Various levels of Quota configuration:
Refer to the Quota Policy Type section below for details. |
Quota | Specifies the number of request messages that an application is allowed to submit to an API per hour/day/week/month. |
Weight | Assign weight to specific messages to increase/decrease the impact of request messages over other messages. For example, it can consider POST messages twice as "heavy" or expensive as GET messages. Implications to the Variable name in Client Subscription Properties
|
Quota Identifier | For the Quota policy to work, each application requires a unique identifier to be presented with each request. The identifier can be customized. It can be any HTTP header, query parameter, form parameter, or message content that is unique to each consumer application. |
Reject if Quota Identifier not found | Enable to reject a request that does not match or match the variable set for the Context Variable/Parameter/Header in the Quota Identifier. If left disabled, it allows requests considering the default value set. |
Quota | Specifies the number of request messages that an application is allowed to submit to an API per hour/day/week/month. |
Distributed | This option is used to fetch data from the distributed database (Cassandra). If disabled, it fetches data from the cache memory in the local machine. |
Synchronous | Specifies that the remaining quota value gets updated after every call. This option is suggested when the quota value is a hard limit to the number of calls that can be made. The Synchronous option gets enabled when the Distributed option is enabled.
|
Re-sync Interval | Specifies the time that the system waits for before rechecking the availability of quota for the user. The Re-sync Interval option gets enabled when the Synchronous option is disabled.
|
Quota Policy Type
Advanced
This is the default option, which allows configuring all the properties described in the above table.
Click the Edit button corresponding to the Weight, Quota, and Quota Identifier to configure Type, Variable Name, and Default Value.
Figure 4: Dialog box to choose Identifier Type
Refer to the Configuring Message Part Identifier section to configure these parameters.
Basic
Basic allows to set Quota and Quota Identifier values alone.
Figure 5: Quota and Quota Identifier properties to configure in the Basic option
Fetch from product corresponding to developer ID
With this option selected, it assumes the quota as configured in the Product Configuration for which the weight can be configured additionally.
Verify API Key policy has to be added before adding the Quota policy in order to fetch the quota details set in the corresponding product configuration.
Figure 6: Weight property to configure in the "Fetch from product corresponding to developer ID" option
Figure 7: Quota property values configured in the Product Configuration screen
Examples
Examples mentioned below illustrate some sample configurations and their implications on the request.
Example 1
Quota Policy must be configured in conjunction with Verify API key or Verify Access Token policies so that the details of the product, client, client subscription to which the API key/access token belongs can be used to apply the quota limits.
Context Variables provide a way to store temporary data inside a flow and then use it in subsequent parts of the flow. This is the most common mechanism of context sharing among policies in a project.
The Verify API key policy populates the following context variables, among others, which can be used in quota policy.
- api.product.quota.allowed -The quota of the product corresponding to the client subscription to which the API key belongs.
- api.developer.id - The ID of the developer to which the API key corresponds to.
So, when a quota policy is added after the Verify API Key policy, the following configuration will make sure that the values are fetched from the corresponding product and developer.
- Quota:
- Type: CONTEXT_VARIABLE
- Variable Name: api.product.quota.allowed
- Default Value: Having the Verify API Key before the quota policy makes sure that the variable is populated.
- Quota Identifier:
- Type: CONTEXT_VARIABLE
- Variable Name: api.developer.id
- Default Value: Any value
- Weight:
- Type: PARAMETER
Name: weight (The name of the Query Parameter which needs to be used as the identifier)
As Type is "PARAMETER", the variable name mentioned in the Client Subscription should be specified as below:
CODEproxy.request.query.weight
Figure 8: Client Subscription Property variable name provided as the Weight variable name with prefix for variable type - PARAMETER- Default Value: 1
Figure 9: Quota policy properties with values provided in Example 1
This policy restricts the number of requests to 10 per hour for the project. If the number of requests exceeds the limit, then an error message appears such as the one below:
Figure 10: Error message that appears when the requests exceed the set limit
Example 2
The number of requests that have to be processed for a project is obtained by dividing 'Quota' by 'Weight'. As per the configuration below, Quota/Weight equals to ‘5’. Therefore, the maximum number of requests processed per hour is ‘5’.
- Quota :
- Type: CONSTANT
- Default Value: 10/1/hour
- Quota Identifier:
- Type: CONTEXT_VARIABLE
- Variable Name: api.developer.id
- Default Value: default
- Weight:
- Type: CONSTANT
- DefaultValue: 2
Figure 11: Quota policy properties with values provided in Example 2
Example 3
As explained in Example 1, when a project has both Verify API Key/Verify access token and Quota policies configured, the details about the product, client, and client subscription will be populated automatically. Consider the client subscription below.
Figure 12: Quota policy properties with values provided in Example 3
It is possible to assign a variable such as "subscription.weight" in the properties of the client subscriptions such that the most important subscription is provided the least weight. Therefore, a product with a quota of 10 requests per hour and with a client whose subscription has weight 1 can send 10 requests per hour, while with a client whose subscription has weight 2 can send only 5 requests per hour.
- Quota:
- Type: CONTEXT_VARIABLE
- Variable Name: api.product.quota.allowed
- Default Value: 10/1/hour (Setting the quota value to 10 per hour). Having Verify API Key before the quota policy makes sure that the variable is populated.
- Quota Identifier:
- Type: CONTEXT_VARIABLE
- Variable Name: api.developer.id
- Default Value: default (any value)
- Weight:
- Type: CONTEXT_VARIABLE
Name: subscription.weight
As Type is "CONTEXT_VARIABLE", the variable name mentioned in the Client Subscription (under Properties) is provided with the same name (subscription.weight) as displayed in the figure above.
- Default Value: 1.