This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Enforce Throttling and Resource Access Policies

  1. Log in to the API Cloud and the API Publisher will open automatically.

  2. Click the Go to API Store link in the top right-hand corner of the API Publisher to open your default API Store.  
    API Store 

    Tip: You can access any tenant's store using the URL http://<hostname>/Store?tenant=<tenant_name>.

  3. Click the API Console tab. 
     
  4. Expand the GET method, give the PhoneNumber and LicenseKey parameters and invoke the API.
     
  5. The response appears in the console. As we used a valid phone number in this example, the response returns as valid.

  6. Within a minute after the first API invocation, make another attempt to invoke the API.
  7. Note that you get a throttling error saying that you exceeded your quota. This is because you subscribed to the API on the Bronze throttling tier and the Bronze tier only allows you to make one call to the API per minute.

    Let's try to invoke an invalid resource. 
  8. Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.

  9. Open the command line and execute the following cURL command with an invalid resource name (e.g., CheckPhoneNum.) Get the <API URL> from the API's Overview tab in the API Store.

    curl -H "Authorization:Bearer <access token>" -v '<API URL>/CheckPhoneNum?PhoneNumber=123456&LicenseKey=0'

  10. Note that you get a message as 'no matching resource.' This is because you are trying to access a REST resource that is not defined for the API.
     

In this tutorial, you saw how the API Gateway enforces throttling and resource access policies to APIs.