This documentation is for WSO2 API Manager 1.6.0 View documentation for the latest release.
Page Comparison - Throttling Tiers (v.10 vs v.11) - API Manager 1.6.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Subscribers are not allowed to change these throttling tiers. They are simply notified of the limitations.

IP-level throttling

In IP address based throttling, you can limit the number of requests sent by a client IP (e.g., 10 calls from single client). For example, the throttling policy shown below allows only 1 API call per minute for a client from 10.1.1.1 and 2 calls per minute for a client from any other IP address:

 

Code Block
languagehtml/xml
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"  

xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">   
<throttle:MediatorThrottleAssertion>    
<wsp:Policy>            
<throttle:ID throttle:type="IP">10.1.1.1</throttle:ID>            
<wsp:Policy>                
<throttle:Control>                    
<wsp:Policy>                        
<throttle:MaximumCount>1</throttle:MaximumCount>                        
<throttle:UnitTime>60000</throttle:UnitTime>                    
</wsp:Policy>                
</throttle:Control>           
</wsp:Policy>        
</wsp:Policy>
     
<wsp:Policy>            
<throttle:ID throttle:type="IP">other</throttle:ID>            
<wsp:Policy>                
<throttle:Control>                    
<wsp:Policy>                        
<throttle:MaximumCount>2</throttle:MaximumCount>                        
<throttle:UnitTime>60000</throttle:UnitTime>                   
 </wsp:Policy>                
</throttle:Control>            
</wsp:Policy>        
</wsp:Policy>    
</throttle:MediatorThrottleAssertion></wsp:Policy> 

 

How throttling tiers work

  • When an API is invoked, it first checks whether the request is allowed by APIapplication-level throttling limit. If the consumer an application has exceeded his/her its maximum number of allowed API requests, the new request will be terminated.
  • If APIapplication-level limit is not exceeded, it then checks whether the request is allowed by applicationresource-level throttling limit. If it has exceeded, the request will be terminated.
  • If applicationresource-level limit is not exceeded, it finally checks whether the request is allowed by resourceAPI-level throttling limit. If the limit is not exceeded, then the request will be granted.

...