Engaging a new Throttling Policy at Runtime
WSO2 API Manager provides the ability to control the number of successful hots to an API during a given period which you can enable at runtime. To protect your APIs and regulate traffic and access to the resources, you can engage throttling policies not only in the API creation and publishing state. But also for te published APIs at runtime.
The steps below show how to engage a throttling policy to an API at runtime.
Write a new throttling policy. For example, the following sample throttling policy points to a backend service and allows 1000 concurrent requests to a service.
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle" wsu:Id="WSO2MediatorThrottlingPolicy"> <throttle:MediatorThrottleAssertion> <throttle:MaximumConcurrentAccess>1000</throttle:MaximumConcurrentAccess> <wsp:Policy> <throttle:ID throttle:type="IP">other</throttle:ID> </wsp:Policy> </throttle:MediatorThrottleAssertion> </wsp:Policy>
- Log in to the API Manager's management console (
https://localhost:9443/carbon
) and click the Resource > Browse menu to view the registry.
- Click the
/_system/goverence/apimgt/applicationdata
path to go to its detailed view.
In the detail view, click the Add Resource link.
Upload the policy file to the server as a registry resource.
Open the synapse configuration file of a slected API you want to engage the policy from <API-M_HOME>/repository/deployment/server/synapse-configs/default/api directory.
To engage the policy to a selected API, add it to your API definition. In this example, we add it to the login API under APIThrottleHandler.
<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMLoginAPI_" context="/login"> <resource methods="POST" url-mapping="/*"> <inSequence> <send> <endpoint> <address uri="https://localhost:9493/oauth2/token"/> </endpoint> </send> </inSequence> <outSequence> <send/> </outSequence> </resource> <handlers> <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler"> <property name="id" value="A"/> <property name="policyKey" value="gov:/apimgt/applicationdata/throttle.xml"/> </handler> <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/> </handlers> </api>
Note: Be sure to specify the same path used in step 5 in the policy key of your API definition. Also, use the same tier name you selected when creating the API as the throttle id in the policy (example <throttle:ID throttle:type ="ROLE">Gold</throttle:ID>).
You have successfully engaged a throttling policy to an API at runtime, without restarting the server.