This documentation is for WSO2 API Manager 1.5.0.
Throttling Tiers - API Manager 1.5.0 - WSO2 Documentation

For example, if you have infrastructure limitations in facilitating more than a certain number of requests to an API at a time, set throttling tiers on the APIs to limit access to them accordingly. Each tier defines a maximum number of requests per minute. The API Manager comes with three default tiers: Gold, Silver and Bronze.

API-level throttling

API-level throttling tiers are defined by the API creator when creating an API using the API Publisher. At subscription time, consumers of the API select the tier they are interested in using the API Store.

According to the tier s/he selects, the subscriber is granted a maximum number of requests to the API.

Setting tier permissions

An API creator can set role-based permissions on API-level throttling tiers using the Tier Permissions tab of the API Publisher.

With this feature, role-based permissions for each tier can be defined through the API Publisher. The API subscription tiers are then filtered based on the subscriber's role.

In the API Publisher, the new 'Tier Permissions' page allows defining roles against each tier.

This 'Tier Permissions' page is visible only to users with the 'Manage Tiers' permission.

You can define the roles that are either ALLOWED for a tier or DENIED for a tier. By default, all tiers are ALLOWED for everyone.

ALLOW Permissions

If you need to ALLOW a tier for some roles only, select "allow" and define those roles as a comma-separated list. Only the subscribers who fall under those roles will be able to subscribe to APIs using that tier.

Only subscribers who have role1 or role2 will be able to subscribe using the Bronze tier.

DENY Permissions

If you need to DENY a tier to some roles, select "deny" and define those roles as a comma-separated list. All the subscribers who fall under those roles will not be able to subscribe to APIs using that tier.

Subscribers who have role1 or role2 will not be able to subscribe using the Bronze tier. Others can subscribe using the Bronze tier.

In the API Store, when a user subscribes to an API, the available tiers are filtered based on the subscriber's role, so only the tiers ALLOWED for that role appear there.


Application-level throttling

Application-level throttling tiers are defined at the time an application is created using the API Store. For information, see Applications and application-level throttling.

Resource-level throttling

Resource-level throttling is defined on the HTTP verbs of an API's resources by the developer at the time an API is created using the Publisher. When a subscriber views an API using the API Store, s/he can see the resource-level throttling tiers in the Throttle Info tab.

Subscribers are not allowed to change these throttling tiers. They are simply notified of the limitations.

How throttling tiers work

  • When an API is invoked, the API Manager first checks whether the request is allowed by the API-level throttling limit. If the consumer has exceeded his/her maximum number of allowed API requests, the new request is terminated.
  • If the API-level limit is not exceeded, it then checks whether the request is allowed by the application-level throttling limit. If that limit has been exceeded, the request is terminated.
  • If the application-level limit is not exceeded, it finally checks whether the request is allowed by the resource-level throttling limit. If that limit is not exceeded, the request is granted.

With the capability to define throttling at three levels, the final request limit granted to a given user on a given API is ultimately defined by the consolidated output of all throttling tiers together. For example, let's say two users subscribe to an API using the Gold subscription, which allows 20 requests per minute. They both use the application App1 for this subscription, which again has a throttling tier set to 20 requests per minute. All resource-level throttling tiers are unlimited. In this scenario, although both users are eligible for 20 requests per minute of access to the API, each ideally has a limit of only 10 requests per minute. This is due to the application-level limitation of 20 requests per minute.
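The check order and the Gold/App1 scenario above, modeled as an added example (not WSO2 code and not part of the original page). The fixed one-minute window, the counter keys, and the names `ThrottleGate`, `run`, `SampleAPI` and `GET /items` are assumptions made for illustration.

```python
from collections import defaultdict

UNLIMITED = float("inf")

class ThrottleGate:
    """Toy model of the three checks, in the order the page gives them."""

    def __init__(self, api_tier, app_tier, resource_tier=UNLIMITED):
        self.limits = {"api": api_tier, "application": app_tier, "resource": resource_tier}
        self.counts = defaultdict(int)  # (level, key, minute) -> granted requests

    def allow(self, user, app, api, resource, t_seconds):
        minute = int(t_seconds // 60)  # assumed: fixed one-minute windows
        # Assumed counter keys: API level per user+API, application level per
        # application (shared by its users), resource level per user+resource.
        keys = [("api", (user, api)), ("application", app),
                ("resource", (user, api, resource))]
        for level, key in keys:  # API -> application -> resource
            if self.counts[(level, key, minute)] >= self.limits[level]:
                return False, level  # request terminated at this level
        for level, key in keys:  # assumed: only granted requests are counted
            self.counts[(level, key, minute)] += 1
        return True, None

def run(schedule, api_tier=20, app_tier=20):
    """schedule: list of (user, t_seconds). Returns (grants per user, denials per level)."""
    gate = ThrottleGate(api_tier, app_tier)
    granted, denied_at = defaultdict(int), defaultdict(int)
    for user, t in schedule:
        ok, level = gate.allow(user, "App1", "SampleAPI", "GET /items", t)
        if ok:
            granted[user] += 1
        else:
            denied_at[level] += 1
    return dict(granted), dict(denied_at)

# Constructed input: both users send 20 requests in the same minute, alternating.
interleaved = [(u, i) for i in range(20) for u in ("user1", "user2")]
# Constructed input: user1 sends all 20 requests before user2 sends any.
back_to_back = [("user1", i) for i in range(20)] + [("user2", 20 + i) for i in range(20)]

if __name__ == "__main__":
    print(run(interleaved))
    print(run(back_to_back))
```

With alternating requests each user is granted 10. When user1 sends first, user1 is granted all 20 and user2 none, so the 10-per-user figure holds only when the two users draw on App1's shared quota evenly.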
