This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Defining a general and per operation rate limits on an API Product

Posted on 09-06-2022 06:55 AM
dpashkevich
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

I'm trying to set up rate limits in my API proxy in the following way:

  • By default, the rate limit for all operations is “20 requests every 1 minute”
  • For specific, more sensitive operations, the rate limit is “5 requests every 1 minute”

It seems that you can achieve this by setting a defining a general rate limit on an API Product, and then defining another rate limit on specific Operations under that API Product, as shown on the screenshot below:

image (1).png

But that doesn't work. When my Quota policy gets invoked, the apiproduct.developer.quota.* flow variables end up being set to the general rate limit. This is what I see in the debugger when making a request to /sensitive:

image (2).png

I think the problem is in how Operation precedence works in API Products, as documented here:

 More inclusive, less specific resource paths take predence over those that are more specific. For example, if you add / and /**, the / resource path takes precedence and the /** resource path is ignored.

I defined a catch-all / operation on the API Product, and it takes precedence over a more specific /sensitive operation.

I don’t want to explicitly define every possible resource path in my API Product, is there a different approach you’d recommend?

0 4 1,384
Topic Labels
0 Likes
4 REPLIES 4
Top Solution Authors
View all