/
Adding New Throttling Policies

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Adding New Throttling Policies

May 07, 2019

WSO2 API Manager admins can add new throttling policies and define extra properties to the throttling policies. To get started, click the level of throttling that you want to add a new policy to:

To make changes in the throttling configurations, set the EnableAdvanceThrottling parameter in api-manager.xml. This parameter is set to true by default. If you set it to false, you only see the available tiers.

Adding a new advanced throttling policy

You can add advanced throttling policies to both APIs and resources.

  1. Sign in to the Admin Portal using the URL https://localhost:9443/admin  and your admin credentials (admin/admin by default).

  2. Click Advanced Throttling under the Throttle Policies section to see the set of existing throttling tiers. 

  3. To add a new tier, click Add Tier.

  4. Fill in the required details and click Save

  5. To add throttling limits with different parameters to the conditions below, click Add Conditional Group.

    You can add Description about condition group by click Sample description about condition group under Condition Group.

  6. Turn on the required condition and enter a condition and value. 

  7. Header condition and JWT claim condition values allow regex patterns to be defined.
    You can configure it to make either an exact match or a pattern match for the value using the regex values. For example,

  8. Once done, click Add.

You have added a new advanced throttling policy. You can now apply it to an API or a resource.

You possibly can configure multiple conditional groups when defining a tier for advanced throttling policies. For example, Its possible to apply IP based throttling and query pram condition both in one advanced policy tier.

 

Adding a new application-level throttling tier

Application-level throttling policies are applicable per access token generated for an application. 

  1. Sign in to the Admin Portal using the URL https://localhost:9443/admin and your admin credentials (admin/admin by default).

  2. Click Application Tiers under the Throttle Policies section to see the set of existing throttling tiers. 

  3. To add a new tier, click Add New Policy.

  4. Fill in the required details and click Save

 

You have added a new application-level throttling policy.

 

Adding a new subscription-level throttling tier

  1. Sign in to the Admin Portal using the URL  https://localhost:9443/admin  and your admin credentials.

  2. Click Subscription Policies under the Throttling Policies section. The existing set of throttling tiers are displayed. 

  3. To add a new tier, click Add New Policy.

  4. Fill in the details required by this form and click Save once you are done. 

    Given below are the descriptions of the fields you find in the form:

    You have added a new subscription-level throttling policy.

    Adding a custom throttling policy

    Custom throttling allows system administrators to define dynamic rules for specific use cases, which are applied globally across all tenants. When a custom throttling policy is created, it is possible to define any policy you like. The Traffic Manager acts as the global throttling engine and is based on the same technology as WSO2 Complex Event Processor (CEP), which uses the Siddhi query language. Users are therefore able to create their own custom throttling policies by writing custom Siddhi queries. The specific combination of attributes being checked in the policy need to be defined as the key (also called the key template). The key template usually includes a predefined format and a set of predefined parameters. It can contain a combination of allowed keys separated by a colon (:), where each key must start with the prefix $. The following keys can be used to create custom throttling policies:

    resourceKey, userId, apiContext, apiVersion, appTenant, apiTenant, appId 

    For example, the following sample custom policy allows the admin user to send 5 requests per minute to the Pizza Shack API. 

    Key Template

    $userId:$apiContext:$apiVersion

    Siddhi query

    FROM RequestStream SELECT userId, ( userId == 'admin@carbon.super' and apiContext == '/pizzashack/1.0.0' and apiVersion == '1.0.0') AS isEligible , str:concat('admin@carbon.super',':','/pizzashack/1.0.0:1.0.0') as throttleKey INSERT INTO EligibilityStream; FROM EligibilityStream[isEligible==true]#throttler:timeBatch(1 min) SELECT throttleKey, (count(userId) >= 5) as isThrottled, expiryTimeStamp group by throttleKey INSERT ALL EVENTS into ResultStream;

    As shown in the above Siddhi query, the throttle key must match the key template format. If there is a mismatch between the key template format and the throttle key, requests will not be throttled.