In WSO2 API Manager, an API, application or a resource can be available to a consumer at different levels of service. This is facilitated by throttling tiers. Throttling tiers are used to limit the number of hits to an API/application or a resource during a given period of time, typically in cases of infrastructure limitations, security concerns (preventing DOS attacks), monetization purposes etc.
For example, if you have infrastructure limitations in facilitating more than a certain number of requests to an API at a time, set throttling tiers to the APIs to limit access to it accordingly. Each tier defines a maximum number of requests per minute. The API Manager comes with three default tiers as Gold, Silver and Bronze.
- Bronze - Allows 1 request for the API per minute
- Silver - Allows 5 requests for the API per minute
- Gold - Allows 20 requests for the API per minute
In addition, there is also a special tier called Unlimited, which allows unlimited access. It can be disabled by editing the <TierManagement>
node of the api-manager.xml file. You can also add your own tiers to the API Manager using the instructions in section Adding New Throttling Tiers.
Throttling is enabled in API Manager in 3 different levels as follows:
API-level throttling
When creating an API, you can select multiple entries from the list of default tiers. At subscription time, the consumers of the API can choose which tier they are interested in. Accordingly, the subscriber is granted a maximum number of requests as defined in the tier s/he selected.
Resource-level throttling
Application-level throttling
Throttling can also be set at the application-level using the API Store. You can find more information on Application-Level Throttling.
Go back to Tier Availability section in Creating an API page.