Throttling allows you to limit the number of hits to an API during a given period of time, typically to protect your APIs from security attacks and your backend services from overuse, regulate traffic according to infrastructure limitations and to regulate usage for monetization. For information on different levels of throttling in WSO2 Cloud, see Throttling tiers.
This tutorial uses the
PhoneVerification API, which has one resource, GET and POST methods to access it and a throttling policy enforced.
After you created, published and subscribed to the API, let's see how the API Gateway enforces throttling and resource access policies to the API.
Log in to the API Cloud and the API Publisher will open automatically.
Click the Go to API Store link in the top right-hand corner of the API Publisher to open your default API Store.
Tip: You can access any tenant's store using the URL
- Click the API Console tab.
- Expand the
GETmethod, give the
LicenseKeyparameters and invoke the API.
The response appears in the console. As we used a valid phone number in this example, the response returns as valid.
- Within a minute after the first API invocation, make another attempt to invoke the API.
- Note that you get a throttling error saying that you exceeded your quota. This is because you subscribed to the API on the Bronze throttling tier and the Bronze tier only allows you to make one call to the API per minute.
Let's try to invoke an invalid resource.
Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.
Open the command line and execute the following cURL command with an invalid resource name (e.g.,
CheckPhoneNum.) Get the
<API URL>from the API's Overview tab in the API Store.
- Note that you get a message as 'no matching resource.' This is because you are trying to access a REST resource that is not defined for the API.
In this tutorial, you saw how the API Gateway enforces throttling and resource access policies to APIs.