Configuring API Request Throttling

Request throttling limits the number of times an API can be called within a period to protect the backend service. To provide continuous and stable services, create request throttling policies. If request throttling is triggered for an API, all API calling requests during the request throttling period will be discarded and a failure response will be returned to the calling party.

A request throttling policy and an API are independent of each other. A request throttling policy takes effect for an API only after it is bound to the API.

Constraints

An API can be bound to only one request throttling policy in an environment, but each request throttling policy can be bound to multiple APIs.

Creating a Request Throttling Policy

Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
On the Select Policy Type page, select Request Throttling in the Traditional Policy area.

On the page displayed, configure request throttling information.

**Table 1** Parameters for creating a request throttling policy
Parameter	Description
Policy Name	Enter a request throttling policy name. Using naming rules facilitates future search.
Type	Select the type of the request throttling policy. API-specific: Requests are throttled based on each API the policy is bound to. API-sharing: Requests are throttled based on all APIs as a whole.
Period	Enter the request throttling duration in seconds, minutes, hours, or days. This parameter must be used together with request limit parameters: Max. API Requests limits calls Max. User Requests limits calls by a user Max. Credential Requests limits calls by a credential Max. IP Address Requests limits calls by an IP address
Max. API Requests	Enter the maximum number of times that an API can be called. This parameter is used along with Period.
Max. User Requests	Enter the maximum number of times that an API can be called by a user. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Max. Credential Requests	Enter the maximum number of times that an API can be called by a credential. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Max. IP Address Requests	Enter the maximum number of times that an API can be called by an IP address. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Description	Describe the request throttling policy.

Click OK.
After the request throttling policy is created, perform the operations described in Binding a Request Throttling Policy to an API to make the policy take effect for the API.

Binding a Request Throttling Policy to an API

On the Policies tab, filter policies by Request Throttling.
Click the name of a policy to go to the details page.
On the APIs tab, select the environment of the APIs you want to bind the policy to, and click Bind to APIs.
On the page displayed, select the APIs to bind the policy to.
APIs can be filtered by API group and API name.
Click OK.

Binding a Request Throttling Policy to an Application

To throttle requests for an integration application, add an excluded application to the request throttling policy. The Max. Credential Requests of the application will then be restricted by the threshold of the excluded applications, while Max. API Requests and Max. User Requests are restricted by the throttling policy.

On the Policies tab, filter policies by Request Throttling.
Click the name of a request throttling policy.
Click the Excluded Credentials tab and click Select Excluded App.

In the Select Excluded App dialog box, configure application information.

**Table 2** Excluded app parameters
Parameter	Description
App	Select the integration application type. Existing: integration application created by the current user Cross-tenant: integration application created by another user. Enter the ID of the integration application created by another user in the current instance.
App Name	This parameter is mandatory only if App is set to Existing. Select the integration application the request throttling policy will bind to.
Threshold	Enter the maximum number of times that an API can be called by the integration application within a specified period. The value of this parameter cannot be greater than the Max. API Requests in the request throttling policy.

Click OK.

Binding a Request Throttling Policy to a Tenant

To throttle requests for a tenant, add an excluded tenant to the request throttling policy. The Max. User Requests of the tenant will then be limited by the threshold of the excluded tenant, while Max. API Requests and Max. App Requests are limited by the throttling policy.

On the Policies tab, filter policies by Request Throttling.
Click the name of a request throttling policy.
Click the Excluded Tenants tab and click Select Excluded Tenant.

In the Select Excluded Tenant dialog box, configure tenant information.

**Table 3** Parameters for configuring an excluded tenant
Parameter	Description
Account ID	Enter the ID of the tenant the request throttling policy will bind to. If the App authentication mode is used to call APIs, the tenant ID is the project ID of the user to which the integration application belongs. If IAM authentication is used to call APIs, enter the account ID of the caller. Click the username in the upper right corner of the console and choose My Credentials to obtain the project ID and account ID.
Threshold	Enter the maximum number of times that an API can be called by the tenant within a specified period. The value of this parameter cannot be greater than the Max. API Requests in the request throttling policy.