Skip to content

API Configuration: Throttling and No Auth

API Configuration: Throttling and No Auth

This document details the advanced configuration options available for your API deployment, including throttling features and no-auth configurations.

Throttling Features

The Throttling Features section allows the user to configure rate limiting to protect API from traffic spikes and overuse. This includes Spike Arrest and Subscription Quota and can be configured based on the Permission Matrix.

  • Spike Arrest:
    • Purpose: This feature helps to smooth out traffic spikes by limiting the number of API transactions within a specified timeframe.
    • Configuration: User can set an API Transaction limit and a Time period (e.g., per second, per minute). The maximum value for the transaction limit is indicated by a validation message during configuration.

Spike Config Deployment

  • Subscription Quota:
    • Purpose: This feature sets a quota for the total number of API transactions allowed over a longer period.
    • Configuration: User can define a transaction limit for a specific Time period (e.g., per Hour, per Day, per Week, per Month).
    • Minimum Value: The minimum value for the subscription quota is 5 minutes.

Subscription Quota Config Deployment

  • Application Throttling:
    • Purpose: The Client-Based Rate Limiting feature allows you to manage API traffic by setting specific transaction limits for individual subscribed applications. This helps ensure fair usage, prevents API abuse, and protects your backend systems from unexpected traffic spikes.
    • Configuration:
      • Subscribed Application Name*: Use the dropdown menu to select the specific application you want to apply the rate limit to. The dropdown will display the application name along with its unique identifier.
      • Api Transaction limit*: Enter the maximum number of API hits allowed for the selected application (e.g., 200). Note: This field requires a numerical value.
      • Time*: Select the time window for the transaction limit from the dropdown. The available options are: per Second, per Minute

Application Throttling Config Deployment

No Auth Configuration

The No Auth Configuration section allows user to configure specific API resources based on the Permission Matrix that can be accessed without requiring authentication.

  • Purpose: Adding resources here will bypass authentication, subscription validation, and gateway checks, allowing them to be consumed without a token.
  • Configuration: User can add a specific API path and select the corresponding HTTP method (GET, POST, PUT, or DELETE) that should be publicly accessible.

The Application Throttling section allows user to set a throttling limit for the entire application, which applies to all API calls made by that application.