WSO2 API Manager provides the ability to control the number of successful hits to an API during a given period which you can enable at runtime. To protect your APIs and regulate traffic and access to the resources, you can engage throttling policies not only in the API creation and publishing state. But also for te published APIs at runtime.
The steps below show how to engage a throttling policy to an API at runtime.
Write a new throttling policy. For example, the following sample throttling policy points to a backend service and allows 1000 concurrent requests to a service.
Code Block language html/xml <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle" wsu:Id="WSO2MediatorThrottlingPolicy"> <throttle:MediatorThrottleAssertion> <throttle:MaximumConcurrentAccess>1000</throttle:MaximumConcurrentAccess> <wsp:Policy> <throttle:ID throttle:type="IP">other</throttle:ID> </wsp:Policy> </throttle:MediatorThrottleAssertion> </wsp:Policy>
- Log in to the API Manager's management console (
https://localhost:9443/carbon
) and click the Resource > Browse menu to view the registry.
- Click the
/_system/goverence/apimgt/applicationdata
path to go to its detailed view.
In the detail view, click the Add Resource link.
Upload the policy file to the server as a registry resource.
In the management console, select the Service Bus > Source View menu.
The configurations of all APIs created in the API Manager instance opens. To engage the policy to a selected API, add it to your API definition. In this example, we add it to the login API.
Code Block language html/xml <api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMLoginAPI_" context="/login"> <resource methods="POST" url-mapping="/*"> <inSequence> <send> <endpoint> <address uri="https://localhost:9493/oauth2/token"/> </endpoint> </send> </inSequence> <outSequence> <send/> </outSequence> </resource> <handlers> <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler"> <property name="id" value="A"/> <property name="policyKey" value="gov:/apimgt/applicationdata/throttle.xml"/> </handler> <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/> </handlers> </api>
Note Note: Be sure to specify the same path used in step 5 in the policy key of your API definition. Also, use the same tier name you selected when creating the API as the throttle id in the policy (example <throttle:ID throttle:type ="ROLE">Gold</throttle:ID>).
...