To Apply a Resource-Level Policy and SLA Tiers

In this procedure you set up SLA tiers and apply a policy. If you just want to apply a policy, start at step 5.

In this procedure, you limit access to one API resource. Access to other resources is unlimited. You configure the rate limiting SLA-based policy and apply it to the resource. You create the following tiers of access that limit apps calling the API to 3 or 5 requests, depending on the SLA level of the app.

  • A tier that limits the requests to three per minute. No approval required.

  • A tier that limits requests to five per minute and requires API Versions Owner approval of the app that wants to access the API.

Because the rate limiting policy is client ID-based, you also set up the client ID and secret as query parameters.

When an app attempts to consume the protected resource, the policy is enforced. The request needs to include the expected user name/password. Repeated calls within SLA limits from the app to the API succeed; others fail.

  1. In API Manager, in API Administration, click an API version link.

  2. On the API version details page, in Status, click Configure Endpoint, and check that Type is RAML.

    A RAML-based API is required for applying a policy to a resource.

  3. Choose SLA Tiers, and click Add SLA Tier. Set up one limit on the tier as follows:

    • Name: Free

    • Approval: Automatic

    • Limits

      • # of Reqs: 3

      • Time Period: 1

      • Time Unit: Minute

  4. Click Add SLA Tier again, and set up one limit on the tier as follows:

    • Name: Premium

    • Approval: Manual

    • Limits

      • # of Reqs: 5

      • Time Period: 1

      • Time Unit: Minute

  5. Choose Policies.

  6. Click Apply New Policy, and in Select Policy, select Rate Limiting - SLA-based policy, and click Configure.

  7. Configure the policy on the /users resource of the API.

    • In Method & Resource Conditions, select Apply Configurations to Specific Methods & Resources.

    • In Methods, select GET.

    • In URI Template Regex, enter /users to apply throttling only to the /users resource, or enter .* to apply throttling to every resource URI of the API.

    • Click Apply.


  8. On the API version details page, click Raml Snippet for Rate Limiting - SLA based.

  9. Add traits to RAML for enforcing the policies. Open API Designer and edit the RAML:

    • Add a section called traits: at the root level to define query parameters:

        - client-id-required:
            queryParameters:
              client_id:
                type: string
              client_secret:
                type: string
    • Reference the trait in each of the methods to specify that each method requires these query parameters. After each method in the RAML file, add is: [client-id-required]. For example:

          /users:
            get:
              is: [client-id-required]
              description: Gets a list of JSONPlaceholder users.
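
One way to check step 9 across a whole RAML file, as an added example that is not part of the original procedure or of MuleSoft's tooling: the Python function below lists every method that does not carry the client-id-required trait, either directly or through an is: on its resource. It assumes the inline is: [...] form shown above and scans indentation instead of using a full YAML parser; the sample RAML, including /posts, the paged trait and the parameter names, is constructed.

```python
import re

METHODS = {"get", "post", "put", "delete", "patch", "head", "options"}
# Constructed sample; /posts, the paged trait and the parameter names are assumptions.
SAMPLE_RAML = """\
#%RAML 0.8
traits:
  - client-id-required:
      queryParameters: {client_id: {type: string}, client_secret: {type: string}}
/users:
  get:
    is: [client-id-required]
    description: Gets a list of JSONPlaceholder users.
  post:
    description: Creates a user.
  /{id}:
    get:
      is: [paged]
/posts:
  is: [client-id-required]
  get:
"""

def methods_missing_trait(raml_text, trait="client-id-required"):
    """Return e.g. ['POST /users'] for methods that do not reference the trait."""
    missing, stack = [], []  # stack holds the ancestor keys: [indent, key, traits from is:]
    def pop():
        _, key, traits = stack.pop()
        # A method is a method key directly under a resource; is: on that resource also counts.
        if key in METHODS and stack and stack[-1][1].startswith("/"):
            if trait not in traits | stack[-1][2]:
                path = "".join(e[1] for e in stack if e[1].startswith("/"))
                missing.append(f"{key.upper()} {path}")
    for line in raml_text.splitlines():
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = text.partition(":")
        while stack and stack[-1][0] >= indent:
            pop()  # leaving a block: evaluate it if it was a method
        if key == "is" and stack:
            stack[-1][2].update(re.findall(r"[\w-]+", value))
        else:
            stack.append([indent, key, set()])
    while stack:
        pop()
    return missing

print(methods_missing_trait(SAMPLE_RAML))
```

Run against the RAML from API Designer, an empty list means every method references the trait; each entry returned is a method to revisit in step 9.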
