traits:
- client-id-required:
queryParameters:
client_id:
type: string
client_secret:
type: string
Applying an SLA-Based Policy
In this procedure, you configure and apply a rate limiting SLA-based policy to an API. You create the following two access SLA tiers that limit the number of app requests, based on the SLA level of the app:
-
A tier that limits requests to three per minute, with no approval required
-
A tier that limits requests to five per minute, with API Versions Owner approval required
When an app attempts to consume the protected API resource, the rate limiting SLA-based policy is enforced. Because this policy is client ID-based, app requests must include the expected client ID. The client secret is optional.
Add the Required RAML Snippet
SLA-based rate limiting requires adding a RAML or OAS snippet to your API. This procedure demonstrates adding a RAML snippet.
-
Specify the client ID and secret as query parameters.
Add a section called
traits:
at the RAML root level to define query parameters: -
Add the
client-id-required
trait to every method that requires these query parameters:/users: get: is: [client-id-required] description: Gets a list of JSONPlaceholder users.
Add the SLA Tier
With the required RAML snippet added to your RAML API, you now add the SLA tier.
-
From API Manager, navigate to API Administration and select an API instance.
-
Verify that the API Type is either RAML/OAS or HTTP.
-
Click SLA Tiers.
-
Select Add SLA Tier and specify a limit on the tier:
-
Name: Free
-
Approval: Automatic
-
Limits
-
# of Reqs: 3
-
Time Period: 1
-
Time Unit: Minute
-
-
-
Click Add SLA Tier again and specify another limit on the tier:
-
Name: Premium
-
Approval: Manual
-
Limits
-
# of Reqs: 5
-
Time Period: 1
-
Time Unit: Minute
-
-
Apply the Policy
After adding the SLA tier, the policy can now be applied to the API.
-
Select Policies.
-
Click Apply New Policy and select Rate limiting - SLA-based.
-
Click Configure Policy.
-
Configure the policy on the API
/users
resource:-
In Method & Resource Conditions, select Apply Configurations to Specific Methods & Resources.
-
Under Methods, select GET.
-
Under URI Template Regex, enter
/users
to apply rate limiting only to the/users
resource, or enter.*
to apply rate limiting to every resource URI of the API. -
If your environment uses Mule 4, configure header propagation for exposing the rate limiting headers and rate limiting policies by checking the Expose Headers checkbox. For additional information, see the FAQ section of Reviewing Rate Limiting Policy.
-
Click Apply.
If a RAML spec is attached to your API, click Preview resource matching to verify which resources your filters affect.
-