Configuring Request Throttling 2.0

Updated on 2024-11-27 GMT+08:00

View PDF

ROMA Connect provides flexible extension capabilities for APIs through plug-in policies. Request throttling 2.0 limits the number of times an API can be called within a specific time period to protect backend services.

Plug-in policies and APIs are independent of each other. A plug-in policy takes effect for an API only after it is bound to the API. When binding a plug-in policy to an API, you must specify an environment where the API has been published. The plug-in policy takes effect for the API only in the specified environment.

Constraints

An API can be bound to only one plug-in policy of the same type in the same environment. A plug-in policy that has been bound to an API cannot be deleted.
If an API has been bound by a traditional request throttling policy and a request throttling 2.0 policy at the same time, the request throttling 2.0 policy takes effect.

Creating a Request Throttling 2.0 Policy

Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
On the Select Policy Type page, select Request Throttling 2.0 in the Plug-ins area.

On the page displayed, configure plug-in policy information.

**Table 1** Policy configuration
Parameter	Description
Name	Enter a policy name. Using naming rules facilitates future search.
Type	Fixed as Request Throttling 2.0.
Scope	Specify the scope to view the policy. Integration application: Each policy belongs to an integration application. Only users who have the permission on the integration application can view and use the policy. All: All users in the current instance can view and use the policy.
Integration Application	Mandatory for Scope set to Integration application. Select an integration application for the policy. If none is available, click Create Integration Application on the right to create one.
Description	Describe the policy.
Policy Content: Configure the policy in a form or script. For details about how to configure a script, see Script Configuration Example.
Throttling	Set the throttling type. High-performance throttling is recommended. High precision: There is no error in a specific period, with poor performance in high concurrency scenarios. Select this type in low concurrency scenarios. High-performance: There are occasionally small errors in a specific period, with small performance penalty in high concurrency scenarios. Select this type in high concurrency scenarios. Single-node: There are certain errors in a specific period, with smaller performance penalty in high concurrency scenarios. Select this type in higher concurrency scenarios.
Policy Information
Policy Type	Select a policy type. API-specific: Requests of APIs bound to the current plug-in are calculated separately. API-sharing: Requests of all APIs bound to the current plug-in are calculated together.
Period	Enter the request throttling duration in seconds, minutes, hours, or days. This parameter must be used together with parameters in Basic Throttling: Max. API Requests limits calls Max. User Requests limits calls by a user Max. Credential Requests limits calls by a credential Max. IP Address Requests limits calls by an IP address
Basic Throttling
Max. API Requests	Enter the maximum number of times that an API can be called. This parameter is used along with Period.
Max. User Requests	Enter the maximum number of times that an API can be called by a user. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Max. Credential Requests	Enter the maximum number of times that an API can be called by a credential. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Max. IP Address Requests	Enter the maximum number of times that an API can be called by an IP address. This parameter is used along with Period. The value of this parameter cannot be greater than the Max. API Requests.
Parameter-based Throttling	Specify whether to enable parameter-based throttling. Once enabled, rules and throttling limits in the policy you configure here override those in Basic Throttling. If a parameter-based throttling policy is matched, its throttling limits take effect. If no parameter-based throttling policy is matched, throttling limits configured in Basic Throttling take effect.
Define Parameters	Define the parameters for rule matching. Click Add Parameter to add rule parameters. Parameter Location: position of a parameter in an API request. path: API request URI. This parameter is configured by default. method: API request method. This parameter is configured by default. header: first value of the header parameter in an API request. NOTE: For security purposes, do not include sensitive information in these parameters. query: first value of the query parameter in an API request. system: a system parameter. Parameter: name of a parameter used for rule matching.
Define Rules	Define the rules for parameter-based throttling. Click Add Rule to add rules. The system matches rules from top to bottom. Rules: Click to modify the condition expression. If there are three or more expressions, you can layer them by clicking Set Lower Level. =: equal to !=: not equal to pattern: regular expression enum: enumerated values, separated by comma (,) Max. API Requests: Enter the maximum number of times that bound APIs can be called. This parameter is used along with Period. Period: Enter the throttling duration in seconds, minutes, hours, or days. This parameter is used along with Max. API Requests. For example, add the Host parameter and specify the location as header; add the condition Host = www.abc.com, and set the throttling limit to 10 and the period to 60s. For APIs whose Host parameter in the request header is equal to www.abc.com, they cannot be called again once called 10 times in 60s.
Excluded Throttling	Specify whether to enable excluded throttling for tenants or integration applications. The throttling limits for excluded tenants and applications override the Max. User Requests and Max. Credential Requests set in Basic Throttling.
Excluded Tenants	Click Add Tenant to limit the requests of specified tenants. Account ID: Enter the ID of the tenant to which the request throttling policy is to be bound. If the App authentication mode is used to call APIs, the tenant ID is the project ID of the user to which the integration application belongs. If IAM authentication is used to call APIs, enter the account ID of the caller. Click the username in the upper right corner of the console and choose My Credentials to obtain the project ID and account ID. Threshold: Enter the maximum number of times that an API can be called by the tenant within the specified period. The value of this parameter cannot be greater than the Max. API Requests in Basic Throttling.
Excluded Apps	Click Add App to limit the requests of specified integration applications. App: Select an integration application for request throttling. Threshold: Enter the maximum number of times that an API can be called by the application within the specified period. The value of this parameter cannot be greater than the Max. API Requests in Basic Throttling.

Click OK.
After a plug-in policy is created, perform Binding a Plug-in Policy to an API for the policy to take effect for the API.

Binding a Plug-in Policy to an API

On the Policies tab, filter policies by Request Throttling 2.0.
Click the name of a policy to go to the details page.
On the APIs tab, select the environment of the APIs you want to bind the policy to, and click Bind to APIs.
On the page displayed, select the APIs to bind the policy to.
APIs can be filtered by API group and API name.
Click OK.

Script Configuration Example

{
  "scope": "basic",
  "default_interval": 60,
  "default_time_unit": "second",
  "api_limit": 100,
  "app_limit": 50,
  "user_limit": 50,
  "ip_limit": 20,
  "specials": [
    {
      "type": "app",
      "policies": [
        {
          "key": "e9230d70c749408eb3d1e838850cdd23",
          "limit": 10
        }
      ]
    },
    {
      "type": "user",
      "policies": [
        {
          "key": "878f1b87f71c40a7a15db0998f358bb9",
          "limit": 10
        }
      ]
    }
  ],
  "algorithm": "counter",
  "parameters": [
    {
      "id": "3wuj354lpptv0toe0",
      "value": "reqPath",
      "type": "path",
      "name": "reqPath"
    },
    {
      "id": "53h7e7j11u38l3ocp",
      "value": "method",
      "type": "method",
      "name": "method"
    },
    {
      "id": "vv502bnb6g40td8u0",
      "value": "Host",
      "type": "header",
      "name": "Host"
    }
  ],
  "rules": [
    {
      "match_regex": "[\"Host\",\"==\",\"www.abc.com\"]",
      "rule_name": "u8mb",
      "time_unit": "second",
      "interval": 2,
      "limit": 5
    }
  ]
}

Parent topic: Configuring API Plug-in Policies

Previous topic: Configuring HTTP Response Header Management

Next topic: Configuring Kafka Log Push

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot