Throttling allows you to limit the number of hits to an API during a given period of time, typically in cases such as the following:
...
Throttling is enabled in the API Manager in different levels as API-level, application-level, resource-level and IP-level.
API-level throttling
API-level throttling tiers are defined when Creating an API using the API Publisher. At subscription time, the consumers of the API can log in to the API Store and select which tier they are interested in as follows:
...
...
IP-level throttling
In IP address based throttling, you can limit the number of requests sent by a client IP (e.g., 10 calls from single client). For example, the throttling policy shown below allows only 1 API call per minute for a client from 10.1.1.1 and 2 calls per minute for a client from any other IP address:
Code Block | ||
---|---|---|
| ||
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle"> <throttle:MediatorThrottleAssertion> <wsp:Policy> <throttle:ID throttle:type="IP">10.1.1.1</throttle:ID> <wsp:Policy> <throttle:Control> <wsp:Policy> <throttle:MaximumCount>1</throttle:MaximumCount> <throttle:UnitTime>60000</throttle:UnitTime> </wsp:Policy> </throttle:Control> </wsp:Policy> </wsp:Policy> <wsp:Policy> <throttle:ID throttle:type="IP">other</throttle:ID> <wsp:Policy> <throttle:Control> <wsp:Policy> <throttle:MaximumCount>2</throttle:MaximumCount> <throttle:UnitTime>60000</throttle:UnitTime> </wsp:Policy> </throttle:Control> </wsp:Policy> </wsp:Policy> </throttle:MediatorThrottleAssertion></wsp:Policy> |
How throttling tiers work
...
The following throttling policy allows 1000 concurrent requests to a service.
Code Block language html/xml <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle" wsu:Id="WSO2MediatorThrottlingPolicy"> <throttle:MediatorThrottleAssertion> <throttle:MaximumConcurrentAccess>1000</throttle:MaximumConcurrentAccess> <wsp:Policy> <throttle:ID throttle:type="IP">other</throttle:ID> </wsp:Policy> </throttle:MediatorThrottleAssertion> </wsp:Policy>
- Start the API Manager, log in to its management console (
https://localhost:9443/carbon
) and click the Resource > Browse menu to view the registry. - Click the
goverence/apimgt/applicationdata
path to go to its detailed view. - In the detail view, click the Resource link and upload the created policy file to the server as a registry resource.
In the management console, select the Service Bus > Source View menu.
The configurations of all APIs created in the API Manager instance opens. To engage the policy to a selected API, add it to your API definition. In this example, we add it to the login API.
Code Block language html/xml <?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMLoginAPI_" context="/login"> <resource methods="POST" url-mapping="/*"> <inSequence> <send> <endpoint> <address uri="https://localhost:9493/oauth2/token"/> </endpoint> </send> </inSequence> <outSequence> <send/> </outSequence> </resource> <handlers> <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler"> <property name="id" value="A"/> <property name="policyKey" value="gov:/apimgt/applicationdata/throttle.xml"/> </handler> <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/> </handlers> </api>
Note Be sure to specify the same path used in step 3 in the policy key of your API definition.
- You have successfully engaged a throttling policy to an API.
Go back to Tier Availability section in Creating an API page.