Step 11 - Rate Limiting

The API team wants to limit each user to 5 requests per minute on version 2 of the API.

Add a Rate Limit policy on the API-Proxy

  1. In NMS, edit the API-Proxy sentence-api v2

  2. In Policies, add new Rate Limit policy

  3. Add Rate Limit

  4. Select Authenticated Client as the key to apply, and set 5 requests per minute

  5. Click Add, Add, Save & Publish

Test it out

  1. In Postman, reuse the /colors endpoint on v2. As a reminder, it is http://api.sentence.com/v2/api/colors

  2. If the API Key is not there anymore, add it in Authorization

  3. Send several requests. After a few requests, they will be blocked with this response:

    {
      "message": "Too Many Requests",
      "status": "429"
    }
    

Note

As you can see, the blocking does not occur at the 5th request. Nginx calculates a mean per second based on your Rate Limiting configuration. In our lab, we set 5 requests per minute, which means 1 request every 12 seconds (60 sec / 5 req). So your requests will be allowed if you wait 12 seconds between each one.
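
The spacing rule from the Note, replayed over constructed traffic. This is an added example, not part of the original lab and not NGINX code. It is a simplified model that assumes no burst allowance and that a rejected request does not restart the wait; `key-A` and `key-B` are made-up API keys standing in for the Authenticated Client key.

```python
"""Simplified model of the per-client spacing described in the Note."""
from dataclasses import dataclass, field


@dataclass
class RateLimiter:
    requests_per_minute: int
    # Time (ms) of the last accepted request, stored per client key.
    # The key models the "Authenticated Client" setting of the policy.
    last_accepted_ms: dict = field(default_factory=dict)

    @property
    def interval_ms(self) -> int:
        # 5 requests per minute -> one request every 60000 / 5 = 12000 ms.
        return 60_000 // self.requests_per_minute

    def check(self, client_key: str, now_ms: int) -> int:
        """Return the HTTP status for a request from client_key at now_ms."""
        last = self.last_accepted_ms.get(client_key)
        if last is not None and now_ms - last < self.interval_ms:
            # Assumption: a rejected request does not restart the wait.
            return 429
        self.last_accepted_ms[client_key] = now_ms
        return 200


def replay(limiter, requests):
    """Replay (client_key, time_ms) pairs in order and return the statuses."""
    return [limiter.check(key, t) for key, t in requests]


# Constructed sample traffic (times in milliseconds).
BURST = [("key-A", s * 1000) for s in range(6)]     # 6 requests, 1 s apart
PACED = [("key-A", s * 12_000) for s in range(6)]   # 6 requests, 12 s apart
# Two clients interleaved: each key is counted separately.
TWO_CLIENTS = [("key-A", 0), ("key-B", 500), ("key-A", 1000), ("key-B", 12_500)]

if __name__ == "__main__":
    for name, traffic in [("burst", BURST), ("paced", PACED),
                          ("two clients", TWO_CLIENTS)]:
        print(f"{name:12} {replay(RateLimiter(5), traffic)}")
```

In this model a client that clicks Send once per second is rejected long before its fifth request, while a client that waits 12 seconds between requests is never blocked, and one client's traffic does not consume another client's allowance.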