- With the new throttling implementation, the subscription level tier quota will define the limit that particular application can access that API
- So basically the throttling tier policy is configured for subscription level tier by : appId + apiName + version.
- This can be defined as per request count or bandwidth.
- If application is used by 1000 users and subscribe to a 50000 Req/Min tier, then all the subscribed 1000 users can invoke maximum of 50000 Request per minute since it does not consider the user identification in subscription level tier policy.
- With the previous throttling implementation any application user could access limit of 50000 Req/Min.
- When configuring Subscription level tier, Burst/rate limiting is also introduced to control the maximum requests that can be sent by a particular subscriber for a given period.
- So if the burst limit is configured as 1000 Request/s, each user will be able to send only 1000 requests per second as maximum until it reaches 50000 requests for that minute.
- If there are 10 application users using subscribed using 10 different applications, each user get 50000 requests with the limitation of sending burst requests 1000 per second.
Scenario 1 – Different users using same application using their user tokens
Throttle out an API
by a subscription tier when few users from same tenant
invoke a particular API subscribed via the same application
when quota limit is 'request count' and when there
is no burst limit
Preconditions:
2. A subscription tier should be created as below.
-
Tier Name : Silver
-
Request Count : 2000
-
Unit Time : 1 minute
-
Burst Control (Rate Limiting) : 0
-
Stop on Quota Reach : Not selected
-
Billing Plan : Free or Commercial
-
Custom Attributes : None
-
Permissions : not defined
-
Subscription Tiers : Silver
-
GET resource level Tier : Unlimited is set
-
Application created with an Unlimited Tier. app1
-
Subscribe using application with Silver
6. User1 and User2 should generate their user tokens using the consumer key and secret generated in the above step.
User1 using app1 :
User1 Token = curl -k -d "grant_type=password&username=<Username>
&password=<Password>" -H "Authorization: Basic <app1_Token>"
https://192.168.124.1:8243/token
User2 using app1 :
User2 Token = curl -k -d "grant_type=password&username=<Username>
&password=<Password>" -H "Authorization: Basic <app1_Token>"
https://192.168.124.1:8243/token
Authorization: Basic <app1_token> =
<Base64encode(consumerkey:consumer secret of app1)>
Step | Expected Result |
---|---|
User 1 and User 2 invoke the GET resource as below within a minute using their user token
|
User who exceeds the 2000th request should be notified as throttled out. |
Scenario 2 : Same user using different applications using their user tokens
Throttle out an API by a subscription tier when the same user invokes a particular API subscribed via different applications when quota limit is 'request count' and when there is no burst limit.
Preconditions:
2. A subscription tier should be created as below.
-
Tier Name : Silver
-
Request Count : 2000
-
Unit Time : 1 minute
-
Burst Control (Rate Limiting) : 0
-
Stop on Quota Reach : Not selected
-
Billing Plan : Free or Commercial
-
Custom Attributes : None
-
Permissions : not defined
-
Subscription Tiers : Silver
-
GET resource level Tier : Unlimited is set
-
2 Applications created with an Unlimited Tier. app1 and app2
-
Subscribe API1 using applications (app1 and app2) with
Silver
6. User1 should generate the user tokens using the consumer key and secret generated in the above step for both apps
User1 using app1 :
User1 Token1 = curl -k -d "grant_type=password&username=<Username>&password=<Password>"
-H "Authorization: Basic <app1_Token>" https://192.168.124.1:8243/token
User1 using app2 :
User1 Token2 = curl -k -d "grant_type=password&username=<Username>&password=<Password>"
-H "Authorization: Basic <app2_Token>" https://192.168.124.1:8243/token
Authorization: Basic <app1_token>
= <Base64encode(consumerkey:consumer secret of app1)>
Authorization: Basic <app2_token>
= <Base64encode(consumerkey:consumer secret of app2)>
Step | Expected Result |
---|---|
User 1 invoke the GET resource as below within a minute using user token1 and token2
|
User will be able to invoke successfully all the requests |
User 1 invokes the GET resource as below within a minute using their user token1 and token2
|
When user1 invokes the 2001st request using token2, will be notified as throttled out while other requests will be successful. |
Scenario 3 : Different users via different applications using their user tokens
Throttle
out an API by a subscription tier when few users
from same tenant invoke
a particular
API subscribed via different applications
when quota limit is request count
and when there is no burst limit.
Preconditions:
2. A subscription tier should be created as below.
-
Tier Name : Silver
-
Request Count : 2000
-
Unit Time : 1 minute
-
Burst Control (Rate Limiting) : 0
-
Stop on Quota Reach : Not selected
-
Billing Plan : Free or Commercial
-
Custom Attributes : None
-
Permissions : not defined
-
Subscription Tiers : Silver
-
GET resource level Tier : Unlimited is set
-
Application 1 and application 2 created with an Unlimited Tier. app1 and app2
-
Subscribe using applications with Silver
6. User1 and User2 should generate their user tokens using the consumer key and secret generated in the above step.
User 1 using app1 :
User token 1 = curl -k -d "grant_type=password&username=user1&password=user1"
-H "Authorization: Basic <app1_Token>" https://192.168.124.1:8243/token
User 2 using app2 :
User token 2 = curl -k -d "grant_type=password&username=user2&password=user2"
-H "Authorization: Basic <app2_Token>" https://192.168.124.1:8243/token
Authorization: Basic <app1_Token>
= <Base64encode(consumerkey:consumer secret of app1)>
Authorization: Basic <app2_Token>
= <Base64encode(consumerkey:consumer secret of app2)>
Step | Expected Result |
---|---|
User 1 and User 2 invoke the GET resource as below within a minute using their user token
|
Both users will be able to invoke successfully. |
User 1 and User 2 invoke the GET resource as below within a minute using their user tokens
|
Both users will be able to invoke successfully. |
User 1 and User 2 invoke the GET resource as below within a minute using their user tokens
|
Both users will be notified as throttled out. |
Scenario 4 : Different users via same application using test access token
Throttle out an API by a
subscription tier when few users from same
tenant invoke a
paticular API subscribed via the same
application and
test access token (grant_type = client credentials)
when quota limit is 'request count'
and when there is no burst limit
Preconditions :
1. API Manager should be up and running and user1 and user2 should be signed up with subscriber permission.
2. A subscription tier should be created as below.
-
Tier Name : Silver
-
Request Count : 2000
-
Unit Time : 1 minute
-
Burst Control (Rate Limiting) : 0
-
Stop on Quota Reach : Not selected
-
Billing Plan : Free or Commercial
-
Custom Attributes : None
-
Permissions : not defined
-
Subscription Tiers : Silver
-
GET resource level Tier : Unlimited is set
-
Application created with an Unlimited Tier. app1
-
Subscribe using application with Silver
6. Test access token can be retrieved via below command.
Developer generates an access token using app1 : Test Access Token = curl -k -d "grant_type=client_credentials"
-H "Authorization: Basic <app1_Token>" https://192.168.124.1:8243/token
Authorization: Basic <app1_token>
= <Base64encode(consumerkey:consumer secret of app1)>
Step | Expected Result |
---|---|
User 1 and User 2 invoke the GET resource as below within a minute using the same test access token generated
|
Both users will be able to invoke successfully. |
User 1 and User 2 invoke the GET resource as below within a minute using the same test access token
|
User who exceeds the 2000th request should be notified as throttled out. |
Scenario 5: Different users via same application via user token when the burst limit is configured
Throttle
out an API by a subscription tier when few users
from same tenant invoke
a particular API subscribed via same
applications when
quota limit is request count
and when there is a burst limit configured.
Preconditions
:
2. A subscription tier should be created as below.
-
Tier Name : Silver
-
Request Count : 2000
-
Unit Time : 1 hour
-
Burst Control (Rate Limiting) : 100 Request/m
-
Stop on Quota Reach : Not selected
-
Billing Plan : Free or Commercial
-
Custom Attributes : None
-
Permissions : not defined
-
Subscription Tiers : Silver
-
GET resource level Tier : Unlimited is set
-
Application 1 created with an Unlimited Tier. app1
-
Subscribe using applications with Silver
6. User1 and User2 should generate their user tokens using the consumer key and secret generated in the above step.
User 1 using app1 :
User token 1 = curl -k -d "grant_type=password&username=user1&password=user1"
-H "Authorization: Basic <app1_Token>" https://192.168.124.1:8243/token
User 2 using app1 :
User token 2 = curl -k -d "grant_type=password&username=user2&password=user2"
-H "Authorization: Basic <app1_Token>" https://192.168.124.1:8243/token
Authorization: Basic <app1_Token>
= <Base64encode(consumerkey:consumer secret of app1)>
Step | Expected Result |
---|---|
User1 invoke with 100 requests (a burst) within a minute using their user token | User should be able to invoke successfully |
User 1 try to send a request within the same minute in step 2. | User1 will be notified as you have exceeded your quota until the next minute |
User 2 invoke with 100 requests (a burst) within the same minute in step 2 using user2's user token. | User 2 will be able to invoke successfully. |
User 2 invokes again within the same minute in step 2 using user2's user token | User should be notified as exceeded quota until the next minute. |
User 1 and User 2 invoke the GET resource as below within an hour with below requests sticking to burst limit. (100 requests/m)
|
User who exceeds the throttling limit by sending the 2001st request will be notified as throttled out until the next hour since it is configured as 2000 req/hr. Until that all the requests will be successfully invoked sticking to the burst limit. |