This documentation is for WSO2 API Manager 1.5.0 View documentation for the latest release.
Page Comparison - Throttling Tiers (v.13 vs v.20) - API Manager 1.5.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

API-level throttling tiers are defined by the API creator when Creating an API using the API Publisher. At subscription time, the consumers of the API can log in to the API Store and select which tier they are interested in using the API Store as follows:

Image RemovedImage Added

According to the tiers s/he selects, the subscriber is granted a maximum number of requests to the API.

Setting tier permissions

An API creator Users with Manage Tiers permission can set role-based permissions to API-level access throttling tiers. This is done using the Tier Permissions tab menu of API Publisher as follows:

Image Removed

 

 

With this feature role based permissions for each Tier can be defined through the API Publisher. Then the API subscription Tiers are filtered based on the subscriber’s role.

In the API Publisher, new ‘Tier Permissions’ page allows defining the roles against each Tier.

Info

This 'Tier Permissions' page will be visible to users with 'Manage Tiers' Permissions only.

Either you can define the Roles, ALLOWED for a Tier or DENIED for a Tier. By default all the Tiers are ALLOWED for everyone.

ALLOW Permissions

If you need to ALLOW a Tier to some roles only, then you can select “allow” and define those roles as a comma separated list. So only the subscribers who fall under those roles will  be able to subscriber to APIs using that Tier.

Image Removed

Only subscribers who has role1 or role2 will be able to subscribe using Bronze Tier.

DENY Permissions

 If you need to DENY a Tier to some roles, then you can select “deny” and define those roles as a comma separated list. So all the subscribers who fall under those roles will not be able to to subscriber to APIs using that Tier.

Image Removed

 

Subscribers who has role1 or role2 will not be able to subscribe using Bronze Tier. Others can subscriber using Bronze Tier.

 

In the API Store,  when a user is subscribing to an API, the available Tiers will be filtered based on the subscribers role. So only the ALLOWED roles will appear here.

Image Removed shown below. For each tier, you can specify a comma-separated list of roles and either Allow or Deny access to the list.

Image Added

A subscriber logged into the API Store can consume APIs using a specific tier, only if s/he is assigned to a role that is allowed access. In the API Store, the subscriber sees a list of tiers that is filtered based on the subscriber's role. Only the ALLOWED roles appear here. By default, all tiers are allowed to everyone.

Application-level throttling

...

  • When an API is invoked, it first checks whether the request is allowed by APIapplication-level throttling limit. If the consumer an application has exceeded his/her its maximum number of allowed API requests, the new request will be terminated.
  • If APIapplication-level limit is not exceeded, it then checks whether the request is allowed by applicationresource-level throttling limit. If it has exceeded, the request will be terminated.
  • If applicationresource-level limit is not exceeded, it finally checks whether the request is allowed by resourceAPI-level throttling limit. If the limit is not exceeded, then the request will be granted.

...