Updated on 2023-11-29 GMT+08:00

Configuring API Request Throttling

Request throttling limits the number of times an API can be called within a period to protect the backend service. To provide continuous and stable services, create request throttling policies. If request throttling is triggered for an API, all API calling requests during the request throttling period will be discarded and a failure response will be returned to the calling party.

A request throttling policy and an API are independent of each other. A request throttling policy takes effect for an API only after it is bound to the API.

Constraints

An API can be bound to only one request throttling policy in an environment, but each request throttling policy can be bound to multiple APIs.

Creating a Request Throttling Policy

  1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
  2. In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
  3. On the Select Policy Type page, select Request Throttling in the Traditional Policy area.
  4. On the page displayed, configure request throttling information.
    Table 1 Parameters for creating a request throttling policy

    Parameter

    Description

    Policy Name

    Enter a request throttling policy name. Using naming rules facilitates future search.

    Type

    Select the type of the request throttling policy.

    • API-specific: Requests are throttled based on each API the policy is bound to.
    • API-sharing: Requests are throttled based on all APIs as a whole.

    Period

    Enter the request throttling duration in seconds, minutes, hours, or days. This parameter must be used together with request limit parameters:

    • Max. API Requests limits calls
    • Max. User Requests limits calls by a user
    • Max. Credential Requests limits calls by a credential
    • Max. IP Address Requests limits calls by an IP address

    Max. API Requests

    Enter the maximum number of times that an API can be called. This parameter is used along with Period.

    Max. User Requests

    Enter the maximum number of times that an API can be called by a user. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.

    Max. Credential Requests

    Enter the maximum number of times that an API can be called by a credential. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.

    Max. IP Address Requests

    Enter the maximum number of times that an API can be called by an IP address. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.

    Description

    Describe the request throttling policy.

  5. Click OK.

    After the request throttling policy is created, perform the operations described in Binding a Request Throttling Policy to an API to make the policy take effect for the API.

Binding a Request Throttling Policy to an API

  1. On the Policies tab, filter policies by Request Throttling.
  2. Click the name of a policy to go to the details page.
  3. On the APIs tab, select the environment of the APIs you want to bind the policy to, and click Bind to APIs.
  4. On the page displayed, select the APIs to bind the policy to.

    APIs can be filtered by API group and API name.

  5. Click OK.

Binding a Request Throttling Policy to an Application

To throttle requests for an integration application, add an excluded application to the request throttling policy. The Max. Credential Requests of the application will then be restricted by the threshold of the excluded applications, while Max. API Requests and Max. User Requests are restricted by the throttling policy.

  1. On the Policies tab, filter policies by Request Throttling.
  2. Click the name of a request throttling policy.
  3. Click the Excluded Credentials tab and click Select Excluded App.
  4. In the Select Excluded App dialog box, configure application information.
    Table 2 Excluded app parameters

    Parameter

    Description

    App

    Select the integration application type.

    • Existing: integration application created by the current user
    • Cross-tenant: integration application created by another user. Enter the ID of the integration application created by another user in the current instance.

    App Name

    This parameter is mandatory only if App is set to Existing.

    Select the integration application the request throttling policy will bind to.

    Threshold

    Enter the maximum number of times that an API can be called by the integration application within a specified period. The value of this parameter cannot be greater than the Max. API Requests in the request throttling policy.

  5. Click OK.

Binding a Request Throttling Policy to a Tenant

To throttle requests for a tenant, add an excluded tenant to the request throttling policy. The Max. User Requests of the tenant will then be limited by the threshold of the excluded tenant, while Max. API Requests and Max. App Requests are limited by the throttling policy.

  1. On the Policies tab, filter policies by Request Throttling.
  2. Click the name of a request throttling policy.
  3. Click the Excluded Tenants tab and click Select Excluded Tenant.
  4. In the Select Excluded Tenant dialog box, configure tenant information.
    Table 3 Parameters for configuring an excluded tenant

    Parameter

    Description

    Account ID

    Enter the ID of the tenant the request throttling policy will bind to.

    • If the App authentication mode is used to call APIs, the tenant ID is the project ID of the user to which the integration application belongs.
    • If IAM authentication is used to call APIs, enter the account ID of the caller.

    Click the username in the upper right corner of the console and choose My Credentials to obtain the project ID and account ID.

    Threshold

    Enter the maximum number of times that an API can be called by the tenant within a specified period. The value of this parameter cannot be greater than the Max. API Requests in the request throttling policy.

  5. Click OK.