Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Throttling allows you to limit the number of hits to an API during a given period of time, typically in cases such as the following:

...

API-level throttling

API-level throttling tiers are defined when Creating an API using the API Publisher. At subscription time, the consumers of the API can log in to the API Store and select which tier they are interested in as follows:

...

Resource-level throttling is defined to HTTP verbs of an API's resources by the developer at the time an API is created using the Publisher. When a subscriber views an API using the API Store, s/he can see the resource-level throttling tiers using the Throttle Info tab as follows:

...

Subscribers are not allowed to change these throttling tiers. They are simply notified of the limitations.

IP-level throttling

In IP address based throttling, you can limit the number of requests sent by a client IP (e.g., 10 calls from single client). For example, the throttling policy shown below allows only 1 API call per minute for a client from 10.1.1.1 and 2 calls per minute for a client from any other IP address:

 

Code Block
languagehtml/xml
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"  

xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">   
<throttle:MediatorThrottleAssertion>    
<wsp:Policy>            
<throttle:ID throttle:type="IP">10.1.1.1</throttle:ID>            
<wsp:Policy>                
<throttle:Control>                    
<wsp:Policy>                        
<throttle:MaximumCount>1</throttle:MaximumCount>                        
<throttle:UnitTime>60000</throttle:UnitTime>                    
</wsp:Policy>                
</throttle:Control>           
</wsp:Policy>        
</wsp:Policy>
     
<wsp:Policy>            
<throttle:ID throttle:type="IP">other</throttle:ID>            
<wsp:Policy>                
<throttle:Control>                    
<wsp:Policy>                        
<throttle:MaximumCount>2</throttle:MaximumCount>                        
<throttle:UnitTime>60000</throttle:UnitTime>                   
 </wsp:Policy>                
</throttle:Control>            
</wsp:Policy>        
</wsp:Policy>    
</throttle:MediatorThrottleAssertion></wsp:Policy> 

 

How throttling tiers work

...

  1. The following throttling policy allows 1000 concurrent requests to a service.

    Code Block
    languagehtml/xml
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle"
                wsu:Id="WSO2MediatorThrottlingPolicy">
        <throttle:MediatorThrottleAssertion>
            <throttle:MaximumConcurrentAccess>1000</throttle:MaximumConcurrentAccess>
            <wsp:Policy>
                <throttle:ID throttle:type="IP">other</throttle:ID>           
            </wsp:Policy>
        </throttle:MediatorThrottleAssertion>
    </wsp:Policy>
  2. Start the API Manager, log in to its management console (https://localhost:9443/carbon) and click the Resource > Browse menu to view the registry.
  3. Click the goverence/apimgt/applicationdata path to go to its detailed view.
    Image Modified
  4. In the detail view, click the Resource link and upload the created policy file to the server as a registry resource.
  5. In the management console, select the Service Bus > Source View menu.

  6. The configurations of all APIs created in the API Manager instance opens. To engage the policy to a selected API, add it to your API definition. In this example, we add it to the login API.

    Code Block
    languagehtml/xml
    <?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" 
    name="_WSO2AMLoginAPI_" context="/login">
        <resource methods="POST" url-mapping="/*">
            <inSequence>
                <send>
                    <endpoint>
                        <address uri="https://localhost:9493/oauth2/token"/>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </resource>
        <handlers>
     <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
           <property name="id" value="A"/>
           <property name="policyKey" value="gov:/apimgt/applicationdata/throttle.xml"/>
           </handler> 
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
        </handlers>
    </api>
    Note

    Be sure to specify the same path used in step 3 in the policy key of your API definition.

  7. You have successfully engaged a throttling policy to an API.

Go back to Tier Availability section in Creating an API page.