Rate limiting – SLA based


The Rate limiting – SLA based policy limits the number of requests an API can accept within a defined window of time for a particular SLA. It rejects requests once that number is exceeded within the window for that SLA.

The rate limiting policy is generally used to monetize API usage. For example, think of a weather API as a product that provides weather forecasts; to monetize its usage, the company can offer different SLAs such as Free Subscription, Silver Subscription and Gold Subscription.

  • Free Subscription – 10 requests per minute and will be automatically approved
  • Silver Subscription (not free) – 100 requests per minute and will be manually approved
  • Gold Subscription (not free) – 1000 requests per minute and will be manually approved

To start, we will create a Mule application and connect it to API Manager – please see how we can connect the MuleSoft application to API Manager

After deployment to CloudHub, the API Manager configuration will show as Active



Let’s create the different SLAs


Free Subscription



Silver Subscription


Gold Subscription



Now we can see all the required subscriptions


Now we will apply the Rate limiting – SLA based policy


Select Rate limiting – SLA based


Now update the policy configuration


We can see the properties below

  • Client ID and Secret – the authorization details of the client applications, created when a client application applies for a particular SLA subscription. client_id and client_secret will be passed as HTTP headers.
  • Clusterizable – to apply at cluster level
  • Expose header – the headers related to Rate limiting – SLA based will be passed back to the caller.

These headers are:

      • x-ratelimit-remaining – remaining hits in a window of time
      • x-ratelimit-limit – max limit in a window of time
      • x-ratelimit-reset – window of time in milliseconds

Click apply


Let’s generate different client applications.

  • Mulesy Developer Application – a developer who needs to evaluate the API before purchasing it for actual use.
  • News Agency Application – a news agency that wants to use the APIs for its news website


To create Application – Go to Exchange – REST API asset


Click on Request access


Select the API Instance and then create new application


Provide the application name


And then select the Free Subscription


Click request access


Similarly, we will create the News Agency Application with the Gold Subscription


Click Request access


As we selected manual approval for the Gold Membership SLA, we have to approve it explicitly

Go back to policy and then contract


And approve the pending request


When we approve the subscription, the client application will receive the client ID and secret by email; alternatively, they can go to Exchange -> Manage application to get their client ID and secret


Now let's test this API in SOAP UI

For Free Subscription

Get the Client ID and Secret – Exchange – My application

SOAP UI – pass client_id and client_secret as header

Based on the client ID and secret, the policy knows which SLA the contract belongs to and automatically applies the required SLA

We can see the different Rate limiting – SLA based headers


For the 11th request within the 60-second window we will get an HTTP 429 Too Many Requests error like the one below

HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=UTF-8
Date: Tue, 02 Jun 2020 06:46:11 GMT
Server: nginx
x-ratelimit-limit: 10
x-ratelimit-remaining: 0
x-ratelimit-reset: 37293
Content-Length: 40
Connection: keep-alive

{
  "error": "Quota has been exceeded"
}




For Gold Subscription

Client ID and Secret



We can see the Gold Subscription related SLA – 1000 requests in 1 minute
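The behaviour tested above for the Free and Gold subscriptions, modelled as an added Python example (not code from the original post and not MuleSoft's implementation). It assumes a fixed 60-second window per client and a 401 for credentials without a contract; the client IDs, secrets and the names `SlaRateLimiter`, `CONTRACTS` and `now_ms` are constructed for illustration.

```python
import hmac
import time

# SLA tiers from the article: requests allowed per 60-second window.
TIERS = {"free": 10, "silver": 100, "gold": 1000}
WINDOW_MS = 60_000

# Constructed sample contracts: client_id -> (client_secret, tier).
CONTRACTS = {
    "dev-app-id": ("dev-app-secret", "free"),
    "news-app-id": ("news-app-secret", "gold"),
}


def now_ms():
    return time.monotonic_ns() // 1_000_000


class SlaRateLimiter:
    """Fixed-window limiter per client_id (assumed algorithm, illustration only)."""

    def __init__(self, contracts, clock=now_ms):
        self.contracts = contracts
        self.clock = clock          # injectable so window expiry can be tested
        self.windows = {}           # client_id -> (window_start_ms, used)

    def handle(self, client_id, client_secret):
        """Return (status, headers) for one request with these credentials."""
        contract = self.contracts.get(client_id)
        # Unknown client or wrong secret: reject before touching any counter.
        # 401 is this sketch's choice; constant-time compare avoids timing leaks.
        if contract is None or not hmac.compare_digest(contract[0], client_secret):
            return 401, {}
        limit = TIERS[contract[1]]
        now = self.clock()
        start, used = self.windows.get(client_id, (now, 0))
        if now - start >= WINDOW_MS:    # window over: open a fresh one
            start, used = now, 0
        allowed = used < limit
        if allowed:
            used += 1
        self.windows[client_id] = (start, used)
        headers = {
            "x-ratelimit-limit": str(limit),
            "x-ratelimit-remaining": str(limit - used),
            "x-ratelimit-reset": str(start + WINDOW_MS - now),  # ms left in window
        }
        return (200 if allowed else 429), headers
```

Rejected requests are not counted against the quota in this model, and the counters are per `client_id`, so one application exhausting its window does not affect another.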


Sample application – sample-rest-service-rate-limiting-sla

Sample SOAP UI project – sample-rest-service-rate-limiting-sla-soapui-project

