This documentation is for WSO2 API Manager 1.8.0 View documentation for the latest release.
Page Comparison - Key Concepts (v.44 vs v.45) - API Manager 1.8.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Subscribers are not allowed to change these throttling tiers. They are simply notified of the limitations.
API-level throttling

API-level throttling tiers are defined when managing APIs using the API Publisher portal. The UI looks as follows:

After API-level throttling tiers are set and the API is published, at subscription time, the consumers of the API can log in to the API Store and select which tier they are interested in as follows:

 

According to the tiers the subscriber selects, s/he is granted a maximum number of requests to the API. The default tiers are as follows:

  • Bronze: 1 request per minute
  • Silver: 5 requests per minute
  • Gold: 20 requests per minute
  • Unlimited: Allows unlimited access (you can disable the Unlimited tier by editing the <TierManagement> node of the <APIM_HOME>/repository/conf/api-manager.xml file)

Setting tier permissions: Users with Manage Tiers permission can set role-based permissions to API-level access throttling tiers. This is done using the Tier Permissions menu in the API Publisher as shown below. For each tier, you can specify a comma-separated list of roles and either Allow or Deny access to the list. 

A subscriber logged into the API Store can consume APIs using a specific tier only if s/he is assigned to a role that is allowed access. In the API Store, the subscriber sees a list of tiers that is filtered based on the subscriber's role. Only the ALLOWED roles appear here. By default, all tiers are allowed to everyone.

IP-level throttling

In IP-based throttling, you can limit the number of requests sent by a client IP (e.g., 10 calls from single client).

  1. Log in to the management console and click the Resources -> Browse menu.
  2. Navigate to the tiers.xml file in the registry location /_system/governance/apimgt/applicationdata.

  3. Add your policy. For example, the throttling policy shown below allows only 1 API call per minute for a client from 10.1.1.1 and 2 calls per minute for a client from any other IP address.

    Code Block
    languagexml
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"  
    
    xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">   
    <throttle:MediatorThrottleAssertion>    
    <wsp:Policy>            
    <throttle:ID throttle:type="IP">10.1.1.1</throttle:ID>            
    <wsp:Policy>                
    <throttle:Control>                    
    <wsp:Policy>                        
    <throttle:MaximumCount>1</throttle:MaximumCount>                        
    <throttle:UnitTime>60000</throttle:UnitTime>                    
    </wsp:Policy>                
    </throttle:Control>           
    </wsp:Policy>        
    </wsp:Policy>
         
    <wsp:Policy>            
    <throttle:ID throttle:type="IP">other</throttle:ID>            
    <wsp:Policy>                
    <throttle:Control>                    
    <wsp:Policy>                        
    <throttle:MaximumCount>2</throttle:MaximumCount>                        
    <throttle:UnitTime>60000</throttle:UnitTime>                   
     </wsp:Policy>                
    </throttle:Control>            
    </wsp:Policy>        
    </wsp:Policy>    
    </throttle:MediatorThrottleAssertion></wsp:Policy> 
    Tip

    If you need to add a list of IPs / subnets for throttling you can derive the IP range from CIDR (Classless Inter-Domain Routing) notation and add it to the throttling policy configuration as follows.

    Example :

    If IP / subnet is "10.1001.41.961/27" in CIDR notation, the IP address range is between "10.1001.41.97 1 - 10.1001.41.12630" (if we keep 127 31 for broadcast). Therefore you can add throttling for the IP range as follows.

    Code Block
    <throttle:ID throttle:type="IP">10.1001.41.971 - 10.1001.41.126<30</throttle:ID>

How throttling tiers work

...