Spike Control


The Spike Control policy limits or restricts the number of requests an API can accept in a defined window of time. It doesn't reject the requests when the number exceeds the limit in the defined window; instead, the policy allows requests to be queued for later reprocessing without closing the connection to the client.

Please go through https://docs.mulesoft.com/api-manager/2.x/spike-control-reference to understand the sliding window algorithm.

Also check Rate Limiting, which is the same as Spike Control but does not have the queuing mechanism with the sliding window feature.


To start, we will create a Mule application and connect it with API Manager – please see how we can connect the MuleSoft application to API Manager.

After deployment in CloudHub, the API Manager configuration will show as Active.


Now we will apply the policy.


Select Spike Control.


Now update the policy configuration.


We can see the following properties:

  • Number of Reqs – Maximum quota allowed per time window.
  • Time Period – The window of time.
  • Delay Time in Milliseconds – Amount of time a request will be delayed before retrying (delaying is a CPU-intensive process).
  • Delay Attempts – The maximum number of times the policy will try to process the request if there is no quota available (delaying is a CPU intensive process).
  • Queuing Limit – The maximum number of concurrent requests that can be waiting
  • Expose header – Spike Control related headers will be passed back to caller.

These headers are:

      • x-ratelimit-remaining – remaining hits in a window of time
      • x-ratelimit-limit – max limit in a window of time
      • x-ratelimit-reset – window of time in milliseconds


Let's populate the fields as per our need.


We are expecting 2 requests in a 5-second window; if more requests come, they will be queued (max 5 requests) for 3 seconds.

Click Apply.


Now we test this API in SoapUI.

First request – response time is 695 ms


Second request within 5 sec – response time is 335 ms


x-ratelimit-remaining is now zero. If we hit the API one more time within 5 seconds:

You will see a delay in the response for the third request, because the 5-second window had not closed when we hit the API for the 3rd time. So the 3rd request is queued and waits for the next window; when the next window opens, the request is processed.

For 3rd request – response time is 3337 ms (which includes the queued time also)
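The timing seen in this test can be reproduced with a small model of the policy settings described above. This is an added example, not MuleSoft's implementation and not code from the sample application; the function name `simulate`, the request arrival times, and a Delay Attempts value of 1 are assumptions. It also goes beyond the three-request test by showing what happens to a burst larger than the Queuing Limit.

```python
import heapq
from collections import deque

def simulate(arrivals_ms, max_requests=2, window_ms=5000,
             delay_ms=3000, delay_attempts=1, queue_limit=5):
    """Simplified model: return [(arrival_ms, outcome, waited_ms)] per request."""
    # Each event is (time to evaluate, request id, original arrival, delays used).
    events = [(t, i, t, 0) for i, t in enumerate(arrivals_ms)]
    heapq.heapify(events)
    accepted = deque()  # timestamps of requests that consumed quota
    waiting = 0         # requests currently held in the delay queue
    results = {}
    while events:
        now, rid, arrival, used = heapq.heappop(events)
        if used:
            waiting -= 1  # this request just left the delay queue for a retry
        # Sliding window: forget quota consumed more than window_ms ago.
        while accepted and now - accepted[0] >= window_ms:
            accepted.popleft()
        if len(accepted) < max_requests:
            accepted.append(now)
            results[rid] = (arrival, "processed", now - arrival)
        elif used < delay_attempts and waiting < queue_limit:
            # No quota: hold the connection open and retry after the delay.
            waiting += 1
            heapq.heappush(events, (now + delay_ms, rid, arrival, used + 1))
        else:
            # Out of delay attempts, or the queue is already full.
            results[rid] = (arrival, "rejected", now - arrival)
    return [results[i] for i in range(len(arrivals_ms))]

if __name__ == "__main__":
    # Constructed arrival times: three requests one second apart (as in the test).
    for row in simulate([0, 1000, 2000]):
        print(row)
    # Constructed burst: ten requests at once against the same settings.
    for row in simulate([0] * 10):
        print(row)
```

In the burst case only two requests consume quota, five are held for the delay and then turned away, and the remaining three are turned away at once because the queue is full, which is how the Queuing Limit bounds the number of connections the gateway keeps open under load.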


Sample application – sample-rest-service-spike-control

Sample SOAP UI project – sample-rest-service-spike-control-soapui-project

