Spike Control policy limit or restrict the number of request an API can accept in a defined window of time. It doesn’t reject the requests when the number exceed in defined window of time and the policy allows requests to be queued for later reprocessing without closing the connection to the client.
Please go through the https://docs.mulesoft.com/api-manager/2.x/spike-control-reference to understand the sliding window algorithm.
Also please check Rate Limiting which is same as Spike control but it doesn’t have queued mechanism with sliding window feature.
To Start with we will create a mule application and connect it with API manager – please see how we can connect the mulesoft application to API Manager
After deployment in Cloudhub the API manager configuration will come as Active
Now we will apply the policy
Select Spike Control
Now update the policy configuration
We can see below properties
- Number of Reqs – Maximum quota allowed per time window.
- Time Period – window of time
- Delay Time in Milliseconds – Amount of time request will be delayed before retrying (delaying is a CPU intensive process).
- Delay Attempts – The maximum number of times the policy will try to process the request if there is no quota available (delaying is a CPU intensive process).
- Queuing Limit – The maximum number of concurrent requests that can be waiting
- Expose header – Spike Control related headers will be passed back to caller.
These headers are:
- x-ratelimit-remaining – remaining hits in a window of time
- x-ratelimit-limit – max limit in a window of time
- x-ratelimit-reset – window of time in milliseconds
Lets populate the field as per our need
We are expecting 2 requests in 5 seconds window and if more request come then those will be queued (max 5 request) for 3 seconds
Now if we test this API in SOAP UI
First request – response time is 695 ms
Second request within 5 sec – response time is 335 ms
x-ratelimit-remaining is zero now and if we hit it one more time within 5 seconds
You will see a delay in response for the third request as the 5 seconds window was not closed and we hit it for 3rd time. So the 3rd request is queued and waited for next window and when next window open then request is processed
For 3rd request – response time is 3337 ms (which include queued time also)
Sample application – sample-rest-service-spike-control
Sample SOAP UI project – sample-rest-service-spike-control-soapui-project