|Table of Contents|
API-level throttling tiers are defined by the API creator when Creating an API using the API Publisher. At subscription time, the consumers of the API can log in to the API Store and select which tier they are interested in using the API Store as follows:
According to the tiers s/he selects, the subscriber is granted a maximum number of requests to the API.
Setting tier permissions
Manage Tiers permission can set role-based permissions to API-level access throttling tiers. This is done using the Tier Permissions menu of API Publisher as shown below. For each tier, you can specify a comma-separated list of roles and either Allow or Deny access to the list.
A subscriber logged into the API Store can consume APIs using a specific tier, only if s/he is assigned to a role that is allowed access. In the API Store, the subscriber sees a list of tiers that is filtered based on the subscriber's role. Only the ALLOWED roles appear here. By default, all tiers are allowed to everyone.
How throttling tiers work
- When an API is invoked, it first checks whether the request is allowed by APIapplication-level throttling limit. If the consumer an application has exceeded his/her its maximum number of allowed API requests, the new request will be terminated.
- If APIapplication-level limit is not exceeded, it then checks whether the request is allowed by applicationresource-level throttling limit. If it has exceeded, the request will be terminated.
- If applicationresource-level limit is not exceeded, it finally checks whether the request is allowed by resourceAPI-level throttling limit. If the limit is not exceeded, then the request will be granted.