Rate Limiting


Rate Limiting policy limit or restrict the number of request an API can accept in a defined window of time. It rejects the request when the number exceed in defined window of time. We can define multiple limits with window size ranging from milliseconds to years.

So we can have limit like

  • Limit 1 – 120 requests per 60 minutes
  • Limit 2 – 20 requests per 10 seconds

And both can hold true and policy will make sure that both limits will be respected


To Start with we will create a mule application and connect it with API manager – please see how we can connect the mulesoft application to API Manager

After deployment in Cloudhub the API manager configuration will come as Active


Now we will apply the Rate Limiting policy


Select Rate Limiting


Now update the policy configuration


We can see below properties

  • Identifier – for each identifier set of limits defined in policy will be enforced independently e.g. for every customer id or client id we can run the limits independently – define in dataweave expression
  • Limits – window of time
  • Clusterizable – to apply at cluster level
  • Expose header – Ratelimit related headers will be passed back to caller.
    • These headers are:
      • x-ratelimit-remaining – remaining hits in a window of time
      • x-ratelimit-limit – max limit in a window of time
      • x-ratelimit-reset – window of time in milliseconds

Lets populate the field as per our need

Rate Limiting


Click apply

Rate Limiting


Now if we test this API in SOAP UI

Rate Limiting


We can see the different ratelimit header


For sixth request in 30 seconds window we will get HTTP 429 Too Many Request error like below

Rate Limiting


HTTP Response:

HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=UTF-8
Date: Tue, 02 Jun 2020 05:29:07 GMT
Server: nginx
x-ratelimit-limit: 5
x-ratelimit-remaining: 0
x-ratelimit-reset: 12017
Content-Length: 40
Connection: keep-alive

  "error": "Quota has been exceeded"


If we change the query param destination to something else then we can see the new rate limit will come up which will be independent of other param destination’s values.

Sample application – sample-rest-service-rate-limiting

Sample SOAP UI project – sample-rest-service-rate-limiting-soapui-project


Thank you for taking out time to read the above post. Hope you found it useful. In case of any questions, feel free to comment below. Also, if you are keen on knowing about a specific topic, happy to explore your recommendations as well.
For any latest updates or posts on our website, you can follow us on LinkedIn. Look forward to connecting with you there.

Share this:
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
1 year ago

Is same sla based ratelimiting is distributed to multiple clients?