Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

Defining a general and per operation rate limits on an API Product

I'm trying to set up rate limits in my API proxy in the following way:

  • By default, the rate limit for all operations is “20 requests every 1 minute”
  • For specific, more sensitive operations, the rate limit is “5 requests every 1 minute”

It seems that you can achieve this by setting a defining a general rate limit on an API Product, and then defining another rate limit on specific Operations under that API Product, as shown on the screenshot below:

image (1).png

But that doesn't work. When my Quota policy gets invoked, the apiproduct.developer.quota.* flow variables end up being set to the general rate limit. This is what I see in the debugger when making a request to /sensitive:

image (2).png

I think the problem is in how Operation precedence works in API Products, as documented here:

 More inclusive, less specific resource paths take predence over those that are more specific. For example, if you add / and /**, the / resource path takes precedence and the /** resource path is ignored.

I defined a catch-all / operation on the API Product, and it takes precedence over a more specific /sensitive operation.

I don’t want to explicitly define every possible resource path in my API Product, is there a different approach you’d recommend?

0 4 1,384
4 REPLIES 4
Top Solution Authors