Using Apinizer’s quota per client policy, you are able to limit the amount of requests a certain client can send in a certain time window. This can be useful for traffic management, spam protection, or for keeping track of users in a subscription-based API. To follow this tutorial, you should already have Apinizer installed and an API gateway defined.
For starters, go to your API’s gateway screen and click the “Add policy” button.
This will bring up a list of available policies. You’ll want to select “Quota per Client” from that list. Once you do, another dialog will open to ask you if you want to create this policy as a local or global policy. Local policies are kept with that gateway and can only be applied to that gateway. Global policies on the other hand are kept separately from a gateway, and can be used across many gateways. For our example, we’re going to create a local policy.
Defining the Policy
Once you select the “Local Policy” option, Apinizer will need you to determine two parameters for the quota policy:
- Variable is the value that must be in requests to identify clients. This can be in the message’s parameters or header (or even it’s body). You can use variables you’ve defined before, such as clients’ API keys.
- Quota is where you determine the actual quota values. You can determine how many requests should be allowed per time frame. The time frame can go from a minute to a year.
After those are set, you can save the policy and redeploy the gateway. You should now have a working quota policy for your API.
Apinizer’s documentation also features a page detailing the Quota Per Client policy. You can find additional details about the policy at that page: