Secure API Manager allows you to control the number of calls and authorizations to the APIs for a certain period through throttling policies. You might want to use throttling policies for several different reasons:
Protect the APIs from denial of service (DOS) attacks
Control traffic due to infrastructure availability
Provide APIs, applications, and resources to users at different service levels
There are many different components involved when a user accesses an application or service that makes a call to an API stored in Secure API Manager.
The back-end services
The APIs in the API Gateway that act as proxies to the back-end services
The applications and resources that use the APIs in the API Gateway
Several throttling policies are available for the different components and you create the different throttling policies for different reasons. Use the following information to determine when to use the different throttling policies and how to create them.