Webinar: Incorporating New Throttling Features into Your Business

❏❏❏❏❏

❏Maximum Back-End Throughput❏Per Token Quota Policies❏Subscription Level Throttle Policies (With Burst Control)❏Advanced Throttling Policies❏Custom Policies❏Blacklist Conditions

❏❏

❏❏❏

❏

❏

❏❏

❏

❏

❏

…❏

❏

❏❏❏

❏

❏

❏

❏

❏

❏❏

Deploying a Throttling Policy

User Inputs Converted to a Siddhi Query

Throttle Data Publishing

Throttle Data Publishing

❏ Traffic Manager has the responsibility of making throttle decisions

❏ Data required to make throttle decisions need to be published to the Traffic Manager

❏ Each gateway in a deployment asynchronously publishes data required to make throttle decision for every API request to traffic manager

Policy Evaluation and Notify Decisions❏ Traffic Manager has the responsibility of making

throttling decisions❏ The Siddhi Runtime in Traffic Manager processes

events from gateways❏ Policies deployed in traffic manager are executed on

each event❏ An event that triggers a condition in a policy will be

notified to gateways through a JMS topic

Policy Evaluation and Notify Decisions

❏ Each gateway maintains a throttle data map to check whether a request is within the allowed quota.

❏ Gateways update the throttle data map from the JMS Topic which is notified by the Traffic Manager

Policy Evaluation and Notifications

Different Types of Throttle Policies

❏ Maximum Back-End Throughput❏ Subscription Level Throttle Policies (With Burst

Control)❏ Per Token Quota❏ Advanced Throttling Policies❏ Custom Policies❏ Blacklist Conditions

❏ Used to protect backend services/apps❏ API Developer can specify the maximum backend

throughput that can be served without interruptions

Subscription Level Quotas (With Burst Control)❏ API Product Manager decides which quotas to expose

an API on.❏ An Application can only subscribe to an API using the

specified quotas❏ Supports both request count and bandwidth based

throttling❏ An Application can only make requests upto the

specified limits in these quotas❏ Ex: 1000 req/hour with 5 req/s burst control (Rate Limit)❏ Burst control ensures even usage distribution

Per Token Quota❏ Specifies the request limit allowed on a single token

from a given Application❏ These limits are defined when creating an Application❏ Support both request count and bandwidth based

quotas❏ Ex: 10req/min - A given user from a single Application

can make 10 API calls per minute across all APIs it has subscribed to

Advanced Throttling Policies❏ These policies allow users to define complex throttle

policies.❏ These can be attached to all resources of an API or to

individual Resources separately❏ Allows defining policies based on

❏

❏

❏

❏

❏ Supports both request count and bandwidth based throttling

❏ Ability to define multiple condition groups, each with a set of conditions.

Advanced Throttling Policies

Default Limits

Condition GroupsConditions

Group Limit

Blacklisting

❏ Blacklist conditions are used to block API requests instantaneously

❏ New feature which allows administrative users to block API invocations by User, API context, Application and IP address

❏ Provides ability to control unusual behaviors of API Invocations

Custom Policies❏ Provides the flexibility to write user defined policies❏ Allows users to write policies using the siddhi query

language.❏ These policies apply globally for every API❏ Custom throttle policy contains two major parts

❏ siddhi query❏ key template

❏ Key templates defines unique key which need to be equal to throttle key in Siddhi Query

❏ Administrative user can write custom policies to limit or block API calls by user, application, IP addresses, etc...

Custom Policies Contd..

Summary

❏ New throttling features provides flexibility to write throttling policies based on request count and bandwidth

❏ Advance throttling policies allows to define complex throttle policies based on headers, query params, IP addresses, IP address ranges and JWT claims

❏ Blacklisting allows to block API Invocations instantaneously❏ Custom policies allows to have user defined throttle policies❏ Users need to select appropriate policies based on their

needs