5.2 API Throttling Policies

Use the following information to determine why and when you would use an API throttling policy and how to configure the policy. The API throttling policies are the subscription tier settings.

5.2.1 Understanding API Throttling Policies

Secure API Manager uses API throttling policies to limit the number of successful requests to the API through subscription tiers. Developers set the subscription tiers on the API when they create new APIs. By associating the tiers to the API, you limit the number of requests that come through the API Gateway for each API. This allows you to give specific APIs a higher access rate than other APIs.

By default, Secure API Manager contains four tiers:

  • Bronze: Allows 1000 requests per second

  • Silver: Allows 2000 requests per second

  • Gold: Allows 5000 requests per second

  • Unlimited: Allows unlimited requests

It is important to note that even though you might assign an API to the Unlimited tier, if you set the Maximum Backend Throughput option to something other than Unlimited, the Maximum Backend Throughput setting takes precedence over the tiers option.

5.2.2 Using the API Throttling Policies

The API throttling policy is a Throttling Setting named Subscription Tiers that you define when you create an API or edit. You must configure this setting for each API that you create or import.

You must select one of the available options to finish creating or importing an API.

To set the Subscription Tiers setting:

  1. Log in to the Publisher using an administrative account.

    https://lifecycle-manager-dns-name:9444/publisher

    The dns-name is the fully qualified hostname of the appliance running the Lifecycle Manager component.

  2. On an API for which you want to change the number of calls to an API per minute, click Edit.

  3. Scroll to the end of the page, then click Next: Implement.

  4. Scroll to the end of the page, then click Next: Manage.

  5. Under Throttling Settings > Subscription Tiers, select the appropriate level of calls for your API.

  6. Click Save and Publish.

  7. Repeat Step 2 through Step 6 for each API that uses the back-end service where you want to limit the requests.