Contact Free trial Login

Applying a Policy and SLA Tier

In this procedure you configure and apply a policy to an API. Optionally, you can set up SLA tiers. This procedure describes how to configure and apply a policy, for example, the Rate Limiting SLA-based policy.

About SLA Tiers

You create the following tiers of access that limit apps calling the API to 3 or 5 requests, depending on the SLA level of the app.

  • A tier that limits the requests to three per minute. No approval required.

  • A tier that limits requests to five per minute and requires API Versions Owner approval of the app that wants to access the API.

In this procedure, you limit access to one API resource. Access to other resources are unlimited. When an app attempts to consume the protected resource, the policy is enforced. The request needs to include the expected user name/password. Repeated calls within SLA limits from the app to the API succeed; others fail.

To Add the Required RAML Snippet

Check the type of API if you don’t know whether it’s RAML or HTTP: On the API dashboard, check that Type is either RAML/OAS or HTTP.

You need to add a specific RAML snippet to your RAML API if you want to use SLA-based rate limiting and certain other policies. In the list of applied policies for an API instance, a link to RAML snippets required for the policy appears.

Because the rate limiting policy is client ID-based, you set up the client ID and secret as query parameters. Add traits to RAML for enforcing the policies. Edit the RAML as follows:

  1. Add a section called traits: at the root level to define query parameters:

    traits:
  - client-id-required:
      queryParameters:
       client_id:
        type: string
      client_secret:
        type: string

  2. Reference the trait in each of the methods to specify that each of the methods require these query parameters. After each method in the RAML file, add is: [client-id-required]. For example:

    /users:
  get:
    is: [client-id-required]
    description: Gets a list of JSONPlaceholder users.

To Add the Tier

  1. In API Manager, in API Administration, click an API instance.

  2. Check that the API supports resource-level policies: On the API dashboard, check that Type is either RAML/OAS or HTTP.

  3. Choose the SLA Tiers, and click Add SLA Tier. Set up one limit on the tier as follows:

    • Name: Free

    • Approval: Automatic

    • Limits

      • # of Reqs: 3

      • Time Period: 1

      • Time Unit: Minute

  4. Click Add SLA Tier again, and set up one limit on the tier as follows:

    • Name: Premium

    • Approval: Manual

    • Limits

      • # of Reqs: 5

      • Time Period: 1

      • Time Unit: Minute

To Apply the Policy

This procedure assumes you just finished add an SLA tier as described above, or you navigated to API Manager > API Administration. In the latter case, click an API instance, and then follow this procedure to apply a policy.

  1. Choose Policies.

  2. Click Apply New Policy, and in Select Policy, select Rate Limiting - SLA-based policy, and click Configure. Alternatively, select Rate Limiting > Configure Policy.

  3. In Limits, set the number of requests, time period, and units of measurement.

  4. Configure the policy on the /users resource of the API.

    • In Method & Resource Conditions, select Apply Configurations to Specific Methods & Resources.

    • In Methods, select GET and in URI template regex.

    • In URI Template Regex, enter /users to apply rate limiting only to the /users resource, or enter .* to apply rate limiting to every resource URI of the API.

    • Mule 4 use: Configure header propagation for token enforcement and rate limiting policies by checking the Expose Headers checkbox.

    • Click Apply.

      rlp conditions

      If you have a RAML spec attached to your API, click Preview Resource Matching to check which resources your filters affect.

See Also

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub