This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The steps below show how to engage a throttling policy to an API at runtime.

  1. Write a new throttling policy. For example, the following sample throttling policy points to a backend service and allows 1000 concurrent requests to a service.

    Code Block
    <wsp:Policy xmlns:wsp=""
                <throttle:ID throttle:type="IP">other</throttle:ID>           
    • Throttle policy - This section is used to specify the policy for throttling.
    • Maximum concurrent accesses - The maximum number of messages that are served at a given time.
    • Throttle assertion - Assertion for a concurrency-based policy.
  2. Log in to the API Manager's management console ( https://localhost:9443/carbon ) and click go to the Resource > Browse menu to view the registry.
  3. Click the /_system/goverence/apimgt/applicationdata path to go to its detailed view.

  4. In the detail view, click the Add Resource link.

  5. Upload the policy file to the server as a registry resource.

  6. Open the synapse configuration file of a selected API you want to engage the policy from the <API-M_HOME>/repository/deployment/server/synapse-configs/default/api directory.

  7. To engage the policy to a selected API, add it to your API definition. In this example, we add it to the login API under APIThrottleHandler.

    Code Block
    <api xmlns="" name="_WSO2AMLoginAPI_" context="/login">
        <resource methods="POST" url-mapping="/*">
                        <address uri="https://localhost:9493/oauth2/token"/>
     <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
           <property name="id" value="A"/>
           <property name="policyKey" value="gov:/apimgt/applicationdata/throttle.xml"/>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>

    Note: Be sure to specify the same path used in step 5 in the policy key of your API definition. Also, use the same tier name you selected when creating the API as the throttle id in the policy (example <throttle:ID throttle:type ="ROLE">Gold</throttle:ID>).