Rate limiting – SLA based
The Rate limiting – SLA based policy limits the number of requests an API accepts in a defined window of time for a particular SLA. It rejects requests once that number is exceeded within the window for that SLA.
The rate limiting policy is generally used to monetize API usage. For example, think of a weather API offered as a product that provides weather forecasts. To monetize its usage, the company can define different SLAs such as Free Subscription, Silver Subscription and Gold Subscription.
- Free Subscription – 10 requests per minute and will be automatically approved
- Silver Subscription (not free) – 100 requests per minute and will be manually approved
- Gold Subscription (not free) – 1000 requests per minute and will be manually approved
To start, we will create a Mule application and connect it to API Manager (see how to connect a MuleSoft application to API Manager).
After deployment to CloudHub, the API Manager configuration will show as Active.
Let's create the different SLAs:
Free Subscription
Silver Subscription
Gold Subscription
Now we can see all the required subscriptions.
Next we apply the Rate limiting – SLA based policy.
Select Rate limiting – SLA based.
Now update the policy configuration.
We can see the following properties:
- Client ID and Secret – the authorization details of the client applications, created when a client application applies for a particular SLA subscription. client_id and client_secret will be passed as HTTP headers.
- Clusterizable – to apply at cluster level
- Expose header – the Rate limiting – SLA based headers will be passed back to the caller.
These headers are:
- x-ratelimit-remaining – remaining hits in a window of time
- x-ratelimit-limit – max limit in a window of time
- x-ratelimit-reset – window of time in milliseconds
Click Apply.
Let's create the client applications:
- Mulesy Developer Application – a developer who needs to evaluate the API before purchasing it for actual use.
- News Agency Application – a news agency that wants to use the APIs for its news website.
To create an application, go to Exchange – REST API asset.
Click Request access.
Select the API instance and then create a new application.
Provide the application name.
Then select the Free Subscription.
Click Request access.
Similarly, we will create the News Agency Application with the Gold Subscription.
Click Request access.
As we selected manual approval for the Gold Subscription SLA, we have to approve it explicitly.
Go back to the policy and then to Contracts.
Approve the pending request.
When we approve the subscription, the client application owner receives the client ID and secret by email; otherwise they can go to Exchange -> Manage application to get their client ID and secret.
Now let's test this API in SOAP UI.
For the Free Subscription:
Get the client ID and secret – Exchange – My applications.
SOAP UI – pass client_id and client_secret as headers.
Based on the client ID and secret, the policy knows which SLA the contract belongs to and automatically applies the required SLA.
We can see the different Rate limiting – SLA based headers in the response.
For the 11th request in a 60-second window we get an HTTP 429 Too Many Requests error like the one below:
HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=UTF-8
Date: Tue, 02 Jun 2020 06:46:11 GMT
Server: nginx
x-ratelimit-limit: 10
x-ratelimit-remaining: 0
x-ratelimit-reset: 37293
Content-Length: 40
Connection: keep-alive

{ "error": "Quota has been exceeded" }
For the Gold Subscription:
Client ID and secret
SOAP UI
We can see the Gold Subscription SLA applied – 1000 requests in 1 minute.
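The behaviour tested above, modelled as an added example (this is not MuleSoft's implementation or code from the sample project): credentials select the contract's SLA tier, a per-client counter enforces the tier limit, and each response carries the x-ratelimit-* headers. Assumptions: a fixed-window counter, HTTP 401 for credentials with no contract, x-ratelimit-reset reported as milliseconds left in the window, and the class name, client IDs and secrets, which are constructed for illustration.

```python
import hmac
import time

# SLA tiers from the article: requests allowed per 60-second window.
SLA_TIERS = {"free": 10, "silver": 100, "gold": 1000}
WINDOW_MS = 60_000

# Constructed contracts: client_id -> (client_secret, approved SLA tier).
CONTRACTS = {
    "dev-app-id": ("dev-app-secret", "free"),
    "news-app-id": ("news-app-secret", "gold"),
}


class SlaRateLimiter:
    """Hypothetical model: one fixed-window counter per client_id."""

    def __init__(self, clock=lambda: int(time.time() * 1000)):
        self.clock = clock  # injectable so tests can control time
        self.windows = {}   # client_id -> (window_start_ms, hits)

    def handle(self, headers):
        """Return (status, response_headers) for one request."""
        client_id = headers.get("client_id")
        contract = CONTRACTS.get(client_id)
        secret = headers.get("client_secret", "")
        # No contract or wrong secret: there is no SLA to apply (assumed 401).
        if contract is None or not hmac.compare_digest(
                contract[0].encode(), secret.encode()):
            return 401, {}
        limit = SLA_TIERS[contract[1]]
        now = self.clock()
        start, hits = self.windows.get(client_id, (now, 0))
        if now - start >= WINDOW_MS:  # window expired: start a new one
            start, hits = now, 0
        allowed = hits < limit
        if allowed:
            hits += 1  # rejected requests do not consume quota
        self.windows[client_id] = (start, hits)
        return (200 if allowed else 429), {
            "x-ratelimit-limit": str(limit),
            "x-ratelimit-remaining": str(limit - hits),
            "x-ratelimit-reset": str(start + WINDOW_MS - now),  # ms left
        }
```

Because the counter is keyed by client_id, the quota is only as strong as the secrecy of the client_secret sent in the request headers.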
Sample application – sample-rest-service-rate-limiting-sla
Sample SOAP UI project – sample-rest-service-rate-limiting-sla-soapui-project