Rate Limiting

 

A Rate Limiting policy limits the number of requests an API can accept in a defined window of time. It rejects requests once that number is exceeded within the window. We can define multiple limits, with window sizes ranging from milliseconds to years.

So we can have limits like:

  • Limit 1 – 120 requests per 60 minutes
  • Limit 2 – 20 requests per 10 seconds

Both can hold at the same time, and the policy will make sure that both limits are respected.

 

To start with, we will create a Mule application and connect it with API Manager (please see how we can connect the MuleSoft application to API Manager).

After deployment to CloudHub, the API Manager configuration will show as Active.

 

Now we will apply the Rate Limiting policy

 

Select Rate Limiting

 

Now update the policy configuration

 

We can see the following properties:

  • Identifier – the set of limits defined in the policy is enforced independently for each identifier value, e.g. for every customer ID or client ID the limits run independently. It is defined as a DataWeave expression.
  • Limits – window of time
  • Clusterizable – to apply at cluster level
  • Expose header – rate-limit-related headers will be passed back to the caller.
    • These headers are:
      • x-ratelimit-remaining – remaining hits in a window of time
      • x-ratelimit-limit – max limit in a window of time
      • x-ratelimit-reset – window of time in milliseconds

Let's populate the fields as per our need


 

Click apply


 

Now if we test this API in SOAP UI


 

We can see the different rate limit headers

 

For the sixth request in the 30-second window we will get an HTTP 429 Too Many Requests error like below


 

HTTP Response:

HTTP/1.1 429 Too Many Requests
Content-Type: application/json; charset=UTF-8
Date: Tue, 02 Jun 2020 05:29:07 GMT
Server: nginx
x-ratelimit-limit: 5
x-ratelimit-remaining: 0
x-ratelimit-reset: 12017
Content-Length: 40
Connection: keep-alive

{
  "error": "Quota has been exceeded"
}

 

If we change the query param destination to some other value, a new rate limit comes into effect for it, independent of the limits counted for other destination values.
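The behaviour described above (several limits enforced together, a separate quota per identifier, and the x-ratelimit headers on a 429), modelled as an added example that is not part of the original post and is not MuleSoft's implementation. The fixed-window algorithm, the reading of x-ratelimit-reset as milliseconds left in the window, and the destination values are assumptions made for illustration.

```python
import time

class RateLimiter:
    """Fixed-window model (assumed algorithm): one counter per identifier per limit."""

    def __init__(self, limits, clock=time.monotonic):
        self.limits = limits      # list of (max_requests, window_seconds)
        self.clock = clock
        self.windows = {}         # (identifier, limit index) -> [window_start, count]

    def check(self, identifier):
        """Return (http_status, headers) for one request from `identifier`."""
        now = self.clock()
        states = []
        for i, (max_req, window) in enumerate(self.limits):
            state = self.windows.setdefault((identifier, i), [now, 0])
            if now - state[0] >= window:          # window elapsed: start a new one
                state[0], state[1] = now, 0
            states.append((state, max_req, window))
        # Every limit must have room; a rejected request is not counted.
        allowed = all(s[1] < m for s, m, _ in states)
        if allowed:
            for s, _, _ in states:
                s[1] += 1
        # Headers describe the tightest limit (fewest requests remaining).
        s, m, w = min(states, key=lambda t: t[1] - t[0][1])
        headers = {
            "x-ratelimit-limit": m,
            "x-ratelimit-remaining": m - s[1],
            "x-ratelimit-reset": int((s[0] + w - now) * 1000),  # assumed: ms left
        }
        return (200 if allowed else 429), headers


def demo():
    t = [0.0]                                     # constructed clock, in seconds
    rl = RateLimiter([(5, 30)], clock=lambda: t[0])
    results = []
    for _ in range(6):                            # six calls inside one 30 s window
        results.append(rl.check("destination=SFO"))   # constructed identifier
        t[0] += 3
    other = rl.check("destination=LAX")           # different identifier, own quota
    t[0] = 31
    after = rl.check("destination=SFO")           # window elapsed, quota restored
    return results, other, after

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```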

Sample application – sample-rest-service-rate-limiting

Sample SOAP UI project – sample-rest-service-rate-limiting-soapui-project

 

  


1 Comment
Swati
10 months ago

Is the same SLA-based rate limiting distributed to multiple clients?