❏ Maximum Back-End Throughput
❏ Per Token Quota Policies
❏ Subscription Level Throttle Policies (With Burst Control)
❏ Advanced Throttling Policies
❏ Custom Policies
❏ Blacklist Conditions
Throttle Data Publishing
❏ Traffic Manager has the responsibility of making throttle decisions
❏ Data required to make throttle decisions need to be published to the Traffic Manager
❏ Each gateway in a deployment asynchronously publishes the data required to make throttle decisions for every API request to the Traffic Manager
Policy Evaluation and Notify Decisions
❏ Traffic Manager has the responsibility of making throttling decisions
❏ The Siddhi Runtime in Traffic Manager processes events from gateways
❏ Policies deployed in Traffic Manager are executed on each event
❏ An event that triggers a condition in a policy will be notified to gateways through a JMS topic
Policy Evaluation and Notify Decisions
❏ Each gateway maintains a throttle data map to check whether a request is within the allowed quota.
❏ Gateways update the throttle data map from the JMS topic that the Traffic Manager notifies
Different Types of Throttle Policies
❏ Maximum Back-End Throughput
❏ Subscription Level Throttle Policies (With Burst Control)
❏ Per Token Quota
❏ Advanced Throttling Policies
❏ Custom Policies
❏ Blacklist Conditions
Maximum Back-End Throughput
❏ Used to protect backend services/apps
❏ API Developer can specify the maximum backend throughput that can be served without interruptions
Subscription Level Quotas (With Burst Control)
❏ API Product Manager decides which quotas to expose an API on.
❏ An Application can only subscribe to an API using the specified quotas
❏ Supports both request count and bandwidth based throttling
❏ An Application can only make requests up to the specified limits in these quotas
❏ Ex: 1000 req/hour with 5 req/s burst control (Rate Limit)
❏ Burst control ensures even usage distribution
Per Token Quota
❏ Specifies the request limit allowed on a single token from a given Application
❏ These limits are defined when creating an Application
❏ Supports both request count and bandwidth based quotas
❏ Ex: 10 req/min - A given user from a single Application can make 10 API calls per minute across all APIs it has subscribed to
Advanced Throttling Policies
❏ These policies allow users to define complex throttle policies.
❏ These can be attached to all resources of an API or to individual Resources separately
❏ Allows defining policies based on
❏
❏
❏
❏
❏ Supports both request count and bandwidth based throttling
❏ Ability to define multiple condition groups, each with a set of conditions.
Advanced Throttling Policies
Blacklisting
❏ Blacklist conditions are used to block API requests instantaneously
❏ New feature which allows administrative users to block API invocations by User, API context, Application and IP address
❏ Provides ability to control unusual behaviors of API Invocations
Custom Policies
❏ Provides the flexibility to write user defined policies
❏ Allows users to write policies using the Siddhi query language.
❏ These policies apply globally for every API
❏ Custom throttle policy contains two major parts
  ❏ Siddhi query
  ❏ Key template
❏ The key template defines a unique key, which needs to be equal to the throttle key in the Siddhi query
❏ Administrative users can write custom policies to limit or block API calls by user, application, IP address, etc.
Custom Policies Contd..
Summary
❏ New throttling features provide flexibility to write throttling policies based on request count and bandwidth
❏ Advanced throttling policies allow defining complex throttle policies based on headers, query params, IP addresses, IP address ranges and JWT claims
❏ Blacklisting allows blocking API invocations instantaneously
❏ Custom policies allow user defined throttle policies
❏ Users need to select appropriate policies based on their needs