This sample shows how to implement a basic API consumption limit using Apigee's Quota policy.
The Quota policy enforces consumption limits on client apps by maintaining a counter that tallies incoming requests. The counter can tally API calls for any identifiable entity, including apps, developers, API keys, access tokens, and so on. Usually, API keys are used to identify client apps. This policy should be used to enforce business contracts or SLAs with developers and partners, rather than for operational traffic throttling.
A quota is an allotment of request messages that an API proxy can handle over a time period, such as minute, hour, day, week, or month. The Quota policy enables API providers to enforce limits on the number of API calls made by apps over this time period.
When an API proxy reaches its quota limit, subsequent API calls are rejected; Apigee returns an error for every request that exceeds the quota.
You can set the quota to be the same for all apps accessing the API proxy, or you can set the quota based on:
- The API product that contains the API proxy
- The app that makes the request
- The app developer
- Many other criteria
This sample shows how to enforce a dynamic quota as defined by the API product. Two products are created with different quotas to demonstrate how different consumption tiers can be configured for the same API.
The Quota policy contains many options to control the desired behavior. For more information see the Quota policy reference.
This sample uses a VerifyAPIKey policy to identify the calling application and the API product associated with the proxy. The Quota policy is configured to enforce the limit and time interval defined in the API product. An AssignMessage policy is used to set a success response that includes the current value of the counter vs. the allowed limit. A RaiseFault policy is used to return a custom error payload when the quota is exceeded.
- Provision Apigee X
- Configure external access for API traffic to your Apigee X instance
- Access to deploy proxies, create products, apps and developers in Apigee
- Make sure the following tools are available in your terminal's $PATH (Cloud Shell has these preconfigured)
- gcloud SDK
- unzip
- curl
- jq
- npm
Use the following GCP CloudShell tutorial, and follow the instructions.
- Clone the
apigee-samplesrepo, and switch thebasic-quotadirectory
git clone https://github.com/GoogleCloudPlatform/apigee-samples.git
cd apigee-samples/basic-quota- Edit
env.shand configure the following variables:
PROJECTthe project where your Apigee organization is locatedAPIGEE_HOSTthe externally reachable hostname of the Apigee environment group that contains APIGEE_ENVAPIGEE_ENVthe Apigee environment where the demo resources should be created
Now source the env.sh file
source ./env.sh- Deploy Apigee API proxies, products and apps
./deploy-basic-quota.shTo run the tests, first retrieve Node.js dependencies with:
npm installEnsure the following environment variables have been set correctly:
PROXY_URLCLIENT_ID_1CLIENT_ID_2
and then run the tests:
npm run testTo manually test the proxy, make requests using the API keys created by the deploy script.
If the deployment has been successfully executed, you will see two products (basic-quota-trial & basic-quota-premium) and two corresponding apps (basic-quota-trial-app & basic-quota-premium-app) created for testing purposes. Instructions for how to find
application credentials can be found here.
The requests can be made like this:
curl https://$APIGEE_HOST/v1/samples/basic-quota?apikey=$CLIENT_ID_1When testing with the basic-quota-trial-app key, the response will show 10 requests per minute allowed. Each subsequent response will increment the counter until the quota is exceeded.
When testing with the basic-quota-premium-app key, the response will instead show 1000 requests per hour.
If you want to clean up the artifacts from this example in your Apigee Organization, first source your env.sh script, and then run
./clean-up-basic-quota.sh