Rate Limit

This interceptor defines the maximum amount of requests that are allowed in a given "full" time interval (in relation to the server time) and it may be entered in the API flow or directly in the flow of a plan.

In the case of an API, the interceptor can be inserted at the level of the API as a whole, of a resource or of an operation. In all these cases, each request will increment the total rate regardless of the caller, and respecting the interval defined. If it is added to the flow of a Plan, it will increase the specific rate of the caller (app or access token). In both cases, a new header showing the number of requests remaining may be added.

It’s easy to confuse this interceptor with another one that controls traffic, Spike Arrest. Because of this, we’ve included a more thorough description of each of them, their differences and configuration examples here.

Configuration

rate limit

The interceptor can only be inserted into the request flow. To configure it, we have to fill in some properties, as shown in the image above.

  • Configuration type: Sets the type of configuration to be used by the interceptor, of which we have 2 options.

    • Total calls: Sets the interceptor by the total number of calls.

    • IP: Configures the interceptor by IP calls, allowing you to block repeated calls from the same IP.

  • Calls: The total number of accepted calls.

  • Interval: Sets the time interval in which calls will be accepted, it can be per second, minute, hour, day, week or month.

    The interceptor considers "full" intervals. For example, if you set a minute interval and start making requests at 11:55:55, when the minute changes to 11:56:00, you will have a new set of allowed requests for that resource. It works the same way for other time intervals.

  • Soft Limit: Lets you set an additional percentage of allowed calls by checking the option and adding the value in the % field to the right (in the example image, we set a limit of 300 calls per minute, with a 30% soft limit allowed. That means that up to 90 more calls will be accepted).

    If Soft Limit is checked, the % field becomes mandatory. Otherwise, the Rate Limit will function normally, based on the set quota informed on the Calls field.

  • Return quota header: If checked, a parameter with the number of remaining requests will be sent with the response header.

When making a request, the response header x-ratelimit-remaining shows the number of remaining calls, and the header x-ratelimit-reset displays the time remaining until the next interval.

Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]