WSO2 API Cloud allows you to apply advanced throttling policies either at the API level or resource level. These policies can be created to perform throttling based on either request count or request bandwidth. When you create an advanced throttling policy, you can also go on to configure various conditions such as IP address, IP address ranges, headers, query parameters, and JWT claims to apply a throttling limit based on a specific condition.
The following topics walk you through the steps to add, edit, and delete advanced throttling policies.
...
Follow the steps below to add a new advanced throttling policy, which you can apply when publishing an API.:
| Info | ||
|---|---|---|
| ||
Depending on your requirement, you can apply an advanced throttling policy either to the API or per API resource. If you apply the policy at resource level, then the API level policy selection will be disabled and vice versa. |
- Sign in to WSO2 API Cloud (https://api.cloud.wso2.com) as an admin user.
- On the top pane of the API Publisher, click Configure and then click Admin Dashboard.
This takes you to the Admin Dashboard. - On the left navigation pane, click THROTTLING POLICIES, and then click ADVANCED POLICIES. This displays the Advanced Throttling Policies screen with the existing policies.
- Click ADD NEW POLICY.
This displays the Add Advanced Throttle Policy screen.
Anchor point5 point5 - Specify appropriate values for each of the fields.
- Under Default Limits, you will see two options, namely Request Count and Request Bandwidth. Select an option depending on your requirement.
For example, If you are using an API for file sharing or data transmission, select Request Bandwidth to limit the data bandwidth for a given time unit. Under Conditional Groups, you can add a required condition to the throttling policy to apply a throttling limit based on a specified condition.
Expand title Click here for instructions on how to add conditional groups. - Click Add Conditional Group.
Click on the condition group to expand it, then select a required condition and turn it on. The conditions you can add are as follows:
Condition Description IP Condition Allows you to set a throttling limit for a specific IP address or a range of IP addresses. Header Condition Allows you to set a throttling limit to specific headers and parameters. If you select this condition, you can specify a regex pattern regular expression as the Param Value. The regex pattern can be specified to make either an exact match or a pattern match for the value. Query Param Condition Allows you to set a throttling limit to specific query parameters. JWT Claim Condition Allows you to set a throttling limit to specific claims. If you select this condition, you can specify a regex pattern regular expression as the Param Value. The regex pattern can be specified to make either an exact match or a pattern match for the value. Tip You can configure multiple condition groups when creating an advanced throttling policy. For example, if necessary it is possible to apply an IP condition and a query pram condition to the same advanced policy that you create.
Specify appropriate values for each of the fields depending on the condition you selected.
Under Execution Policy, specify appropriate values for the fields depending on your requirement.
Note An execution policy is applicable only to the condition it is specified for. For example, if you select IP condition and set the request count as shown in the diagram given below, then only 5 requests are allowed per minute via the specified IP address. Any request that is not from the specified IP address falls to the default limit.
- Under Default Limits, you will see two options, namely Request Count and Request Bandwidth. Select an option depending on your requirement.
- Click Save.
...