Contact Free trial Login

Applying an SLA-Based Policy

In this procedure, you configure and apply a rate limiting SLA-based policy to an API. You create the following two access SLA tiers that limit the number of app requests, based on the SLA level of the app:

  • A tier that limits requests to three per minute, with no approval required

  • A tier that limits requests to five per minute, with API Versions Owner approval required

When an app attempts to consume the protected API resource, the rate limiting SLA-based policy is enforced. Because this policy is client ID-based, app requests must include the expected client ID. The client secret is optional.

Add the Required RAML Snippet

SLA-based rate limiting requires adding a RAML or OAS snippet to your API. This procedure demonstrates adding a RAML snippet.

  1. Specify the client ID and secret as query parameters.

    Add a section called traits: at the RAML root level to define query parameters:

    traits:
      - client-id-required:
          queryParameters:
           client_id:
            type: string
          client_secret:
            type: string
  2. Add the client-id-required trait to every method that requires these query parameters:

    /users:
      get:
        is: [client-id-required]
        description: Gets a list of JSONPlaceholder users.

Add the SLA Tier

With the required RAML snippet added to your RAML API, you now add the SLA tier.

  1. From API Manager, navigate to API Administration and select an API instance.

  2. Verify that the API Type is either RAML/OAS or HTTP.

  3. Click SLA Tiers.

  4. Select Add SLA Tier and specify a limit on the tier:

    • Name: Free

    • Approval: Automatic

    • Limits

      • # of Reqs: 3

      • Time Period: 1

      • Time Unit: Minute

  5. Click Add SLA Tier again and specify another limit on the tier:

    • Name: Premium

    • Approval: Manual

    • Limits

      • # of Reqs: 5

      • Time Period: 1

      • Time Unit: Minute

Apply the Policy

After adding the SLA tier, the policy can now be applied to the API.

  1. Select Policies.

  2. Click Apply New Policy and select Rate limiting - SLA-based.

  3. Click Configure Policy.

  4. Configure the policy on the API /users resource:

    • In Method & Resource Conditions, select Apply Configurations to Specific Methods & Resources.

    • Under Methods, select GET.

    • Under URI Template Regex, enter /users to apply rate limiting only to the /users resource, or enter .* to apply rate limiting to every resource URI of the API.

    • If your environment uses Mule 4, configure header propagation for exposing the rate limiting headers and rate limiting policies by checking the Expose Headers checkbox. For additional information, see the FAQ section of Reviewing Rate Limiting Policy.

    • Click Apply.

      rlp conditions

      If a RAML spec is attached to your API, click Preview resource matching to verify which resources your filters affect.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub