Configuring a Request Throttling Policy

Overview

Request throttling limits the number of times an API can be called within a period to protect the backend service. To provide continuous and stable services, create request throttling policies to control the number of calls made to your APIs.

A request throttling policy and an API are independent of each other. A request throttling policy takes effect for an API only after it is bound to the API.

• An API can be bound to only one request throttling policy in an environment, but each request throttling policy can be bound to multiple APIs.
• If request throttling is triggered for an API, all API calling requests during the request throttling period will be discarded and a failure response will be returned to the calling party.

Creating a Request Throttling Policy

1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
2. In the navigation pane on the left, choose API Connect > API Management. On the Request Throttling Policies tab page, click Create.
3. In the Create Request Throttling Policy dialog box, configure policy information.

   Table 1 Parameters for creating a request throttling policy

   Parameter	Description
   Name	Enter a request throttling policy name. It is recommended that you enter a name based on naming rules to facilitate search.
   Type	Select the type of the request throttling policy. API-specific: Requests are throttled based on each API to which the policy is bound. API-sharing: Requests are throttled based on all APIs as a whole to which the policy is bound.
   Period	Enter the request throttling duration. The unit can be seconds, minutes, hours, or days. This parameter must be used together with the following request throttling parameters: Max. API Requests limits calls Max. User Requests limits calls by a user Max. App Requests: limits the total number of times an API can be called by an application within a period. Max. IP Address Requests limits calls by an IP address
   Max. API Requests	Enter the maximum number of times that an API can be called. This parameter is used along with Period.
   Max. User Requests	Enter the maximum number of times that an API can be called by a user. This parameter is used along with Period. The value of this parameter cannot be greater than that of Max. API Requests.
   Max. App Requests	Enter the maximum number of times that an API can be called by an application. This parameter is used along with Period. The value of this parameter cannot be greater than that of Max. API Requests.
   Max. IP Address Requests	Enter the maximum number of times that an API can be called by an IP address. This parameter is used along with Period. The value of this parameter cannot be greater than that of Max. API Requests.
   Description	Enter the descriptive information of the request throttling policy.

4. Click OK.

   After the request throttling policy is created, you also need to perform the operations described in Binding a Request Throttling Policy to an API to make the policy take effect for the API.

Binding a Request Throttling Policy to an API

1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
2. In the navigation pane on the left, choose API Connect > API Management. On the Request Throttling Policies tab page, click Bind to API of a policy.
3. On the Bind to API page, click Select API.
4. In the Select API dialog box, select the APIs to which the request throttling policy is to be bound in the specified environment.

   APIs can be filtered by API group, environment, and API name.

5. Click OK.

Binding a Request Throttling Policy to an Application

If you want to throttle requests for an integration application, you can add an excluded application to the request throttling policy. After an integration application is added to the request throttling policy, Max. App Requests of the application is restricted by the threshold of the excluded application, and Max. API Requests and Max. User Requests by the throttling policy.

1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
2. In the navigation pane on the left, choose API Connect > API Management. On the Request Throttling Policies tab page, click the name of the request throttling policy that you want to bind to an application.
3. Click the Excluded Apps tab and click Select Excluded App.
4. In the Select Excluded App dialog box, configure application information.

   Table 2 Excluded app parameters

   Parameter	Description
   App	Select the integration application to which the request throttling policy is to be bound.
   Threshold	Enter the maximum number of times that an API can be called by the integration application within a specified period. The value of this parameter cannot be greater than that of Max. API Requests in the request throttling policy.

5. Click OK.

Binding a Request Throttling Policy to a Tenant

If you want to throttle requests for a tenant, you can add an excluded tenant to the request throttling policy. After the tenant is added to the request throttling policy, Max. User Requests of the tenant is limited by the threshold of the excluded tenant, and Max. API Requests and Max. App Requests are limited by the throttling policy.

1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
2. In the navigation pane on the left, choose API Connect > API Management. On the Request Throttling Policies tab page, click the name of the request throttling policy that you want to bind to an application.
3. Click the Excluded Tenants tab and click Select Excluded Tenant.
4. In the Select Excluded Tenant dialog box, configure tenant information.

   Table 3 Parameters for configuring an excluded tenant

   Parameter	Description
   Tenant ID	Enter the ID of the tenant to which the request throttling policy is to be bound. If the App authentication mode is used to call APIs, the tenant ID is the project ID of the user to which the integration application belongs. If IAM authentication is used to call APIs, enter the account ID of the caller. You can click the username in the upper right corner of the console and choose My Credentials to obtain the project ID and account ID of the user on the My Credentials page.
   Threshold	Enter the maximum number of times that an API can be called by the tenant within a specified period. The value of this parameter cannot be greater than that of Max. API Requests in the request throttling policy.

5. Click OK.