This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How does the Quota policy work when no Identifier is specified?

Posted on 04-13-2015 11:02 AM
Not applicable
Reply posted on --/--/---- --:-- AM

In the Quota Policy documentation, I can see an identifier element which is optional

http://apigee.com/docs/api-services/reference/quota-policy

If I leave out this optional identifier element, how does the policy behave?

The reason I'm asking is because we had one user send a lot of requests over the weekend. One of the APIs was missing this identifier element, and as a result, all users got an over quota error.

I would like to apply the quota per-developer. Right now, for other APIs, we have an apikey query parameter that is sent with every request, and I use this to manage the quota using the identifier element

<Identifier ref="request.queryparam.apikey"/>

This has the obvious loophole that you can bypass the quota simply by issuing a new API key on your account. We'd like to have the quota per account rather than per-key.

Is that how the default works?

Would I have to extract the developer profile and use the email address to enable this functionality?

Solved Solved
5 9 10.2K
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ozanseymen
Staff
Reply posted on --/--/---- --:-- AM

Hello,

If you leave the identifier element empty, one rate limit is enforced for all requests into that API Proxy. i.e. every request from all applications, all developers, all ip addresses, etc. will use the same quota counter. If the quota calls for 100 requests per minute, and one instance of an app uses 90 requests in the first 10 seconds, then all other instances of all other apps will be allowed only 10 requests for the balance of that minute.

If you would like your quota to work per developer, you can use the context variables 'developer.id' or 'developer.email' instead:

<Identifier ref="developer.id" />

Or

<Identifier ref="developer.email" />

These variables are available to policies that execute in the flow after the "Verify API Key" policy.

View solution in original post

Jump to Solution
9 REPLIES 9
Top Solution Authors
View all