Applying an SLA-Based Policy

In this procedure, you configure and apply a rate limiting SLA-based policy to an API. You create the following two access SLA tiers that limit the number of app requests, based on the SLA level of the app:

  • A tier that limits requests to three per minute, with no approval required

  • A tier that limits requests to five per minute, with API Versions Owner approval required

When an app attempts to consume the protected API resource, the Rate Limiting SLA-based policy is enforced. Because this policy is client ID-based, app requests must include the expected client credentials. The procedure demonstrates including client credentials as headers, which is more secure than including the credentials as query parameters.

To configure and apply a rate limiting SLA-based policy to an API:

Add the Required RAML Snippet

SLA-based rate limiting requires adding a RAML or OAS snippet to your API. This procedure demonstrates adding a RAML snippet.

  1. Specify the client ID and secret as headers.

    Add a section called traits: at the RAML root level to define headers:

        traits:
          client-id-required:
            headers:
              client_id:
                type: string
              client_secret:
                type: string
  2. Add the client-id-required trait to every method that requires these headers:

        is: [client-id-required]
  3. Publish the API to Exchange.

Add the SLA Tier

With the required RAML snippet added to your RAML API, you now add the SLA tier.

  1. From API Manager, navigate to API Administration and select the API instance.

  2. Click Actions > Change API Specification.

  3. Select the newly published API version and click Change.

  4. In the Type field, verify that the API type is RAML, OAS, or HTTP.

  5. Click SLA Tiers.

  6. Select Add SLA Tier and specify a limit on the tier:

    • Name: Free

    • Approval: Automatic

    • Limits

      • # of Reqs: 3

      • Time Period: 1

      • Time Unit: Minute

  7. Click Add SLA Tier again and specify another limit on the tier:

    • Name: Premium

    • Approval: Manual

    • Limits

      • # of Reqs: 5

      • Time Period: 1

      • Time Unit: Minute

Apply the Policy

After adding the SLA tier, you can now apply the policy to the API.

  1. Select Policies.

  2. Click Apply New Policy and select Rate limiting - SLA-based.

  3. Click Configure Policy.

  4. Configure the policy on the API /users resource:

    • In Method & Resource Conditions, select Apply Configurations to Specific Methods & Resources.

    • Under Methods, select GET.

    • Under URI Template Regex, enter /users to apply rate limiting only to the /users resource, or enter .* to apply rate limiting to every resource URI of the API.

    • If your environment uses Mule 4, check the Expose Headers checkbox to configure header propagation for exposing the rate limiting headers and rate limiting policies. For additional information, see the FAQ section of Reviewing Rate Limiting Policy.

    • Click Apply.

      If a RAML spec is attached to your API, click Preview resource matching to verify which resources your filters affect.

Register and Deploy

After applying the policy, perform the following steps for the policy to take effect:

  1. Register a client application to access the API with the newly applied policy:

  2. Deploy the application:

  3. Test the API with a tool such as Advanced REST Client, making sure to populate the request’s client_id and client_secret header fields with the client credentials obtained earlier in the procedure.
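
The behavior to expect when testing can be modelled in a few lines. The following Python sketch is an added example, not MuleSoft code: it reads the client_id and client_secret headers and applies the Free and Premium limits from this procedure. The fixed one-minute window per client ID, the sample credentials, and the 401 and 429 rejection statuses are assumptions of the model.

```python
"""Model of SLA-based rate limiting: credentials in headers, one quota per client."""
import hmac

# Tier limits from the procedure: (requests, window in seconds).
TIERS = {"Free": (3, 60), "Premium": (5, 60)}

# Constructed sample contracts: client_id -> (client_secret, tier).
CONTRACTS = {
    "app-free-id": ("free-secret", "Free"),
    "app-premium-id": ("premium-secret", "Premium"),
}


class SlaRateLimiter:
    def __init__(self, contracts, tiers):
        self.contracts = contracts
        self.tiers = tiers
        self.windows = {}  # client_id -> (window_start, requests_used)

    def handle(self, headers, now):
        """Return (status, remaining) for one request arriving at time `now`."""
        client_id = headers.get("client_id", "")
        secret = headers.get("client_secret", "").encode()
        contract = self.contracts.get(client_id)
        # Constant-time comparison so the check does not leak secret prefixes.
        if contract is None or not hmac.compare_digest(secret, contract[0].encode()):
            return 401, 0  # assumed status for missing or wrong credentials
        limit, period = self.tiers[contract[1]]
        start, used = self.windows.get(client_id, (now, 0))
        if now - start >= period:  # window expired: start a new one
            start, used = now, 0
        if used >= limit:
            return 429, 0  # assumed status once the tier quota is spent
        self.windows[client_id] = (start, used + 1)
        return 200, limit - used - 1


def run(client_id, secret, times):
    """Send one request per timestamp in `times`; return the status codes."""
    limiter = SlaRateLimiter(CONTRACTS, TIERS)
    headers = {"client_id": client_id, "client_secret": secret}
    return [limiter.handle(headers, t)[0] for t in times]


if __name__ == "__main__":
    # Free tier: fourth request in the minute is rejected, quota resets after 60 s.
    print(run("app-free-id", "free-secret", [0, 1, 2, 3, 61]))
```

When testing the real API, the same pattern applies: the request after the tier limit within one minute should be rejected, and a request without valid credential headers should never reach the /users resource.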
