In WSO2 API Manager (3.2.0):
Now, I want to limit the request rate for each resource per user, for example, by imposing restrictions on tokens. How can I achieve this?
To achieve per-user rate limiting, you need to write a custom rate limiting policy.
Go to the admin portal, Rate Limiting Policies -> Custom Policies, and add the custom policy you want.
The following is an example of a custom rate-limiting policy at the API level, defining a limit of 5 requests per minute for the admin user.
Name: CustomPolicy
Description: Sample custom policy.
Key Template: $userId:$apiContext:$apiVersion
Siddhi query:
FROM RequestStream
SELECT userId, ( userId == '[email protected]' and apiContext == '/pizzashack/1.0.0' and apiVersion == '1.0.0') AS isEligible ,
str:concat('[email protected]',':','/pizzashack/1.0.0:1.0.0') as throttleKey
INSERT INTO EligibilityStream;
FROM EligibilityStream [isEligible==true] #throttler:timeBatch(1 min)
SELECT throttleKey, (count(throttleKey) >= 5) as isThrottled, expiryTimeStamp group by throttleKey
INSERT ALL EVENTS into ResultStream;
To write a resource-level custom throttling policy, follow the example below.
Key Template: $userId:$resourceKey
Siddhi query:
FROM RequestStream
SELECT userId, ( userId == '[email protected]' and resourceKey == '/pizzashack/1.0.0/1.0.0/*:GET') AS isEligible ,
str:concat('[email protected]',':',resourceKey) as throttleKey
INSERT INTO EligibilityStream;
FROM EligibilityStream [isEligible==true] #throttler:timeBatch(1 min)
SELECT throttleKey, (count(throttleKey) >= 5) as isThrottled, expiryTimeStamp group by throttleKey
INSERT ALL EVENTS into ResultStream;
You can refer to the documentation [1] for further reference.
[1] https://apim.docs.wso2.com/en/3.2.0/learn/rate-limiting/advanced-topics/custom-throttling/
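The resource-level query above throttles one hard-coded user. The following is an added example, not part of the original answer or the WSO2 documentation, that generalizes it so every user gets a separate counter on the same resource. It assumes the userId attribute of RequestStream can be passed to str:concat in place of the literal, and it reuses the resource key from the answer.

```siddhi
-- Key Template (unchanged from the answer): $userId:$resourceKey
-- The throttleKey emitted below must have the same shape as the Key Template,
-- because the gateway resolves the template per request and looks that key up.

-- Step 1: eligibility depends only on the resource, not on who is calling.
FROM RequestStream
SELECT userId,
       (resourceKey == '/pizzashack/1.0.0/1.0.0/*:GET') AS isEligible,
       -- Build the key from the caller's own userId (assumption: attribute,
       -- not a literal) so each user is counted in a separate group.
       str:concat(userId, ':', resourceKey) AS throttleKey
INSERT INTO EligibilityStream;

-- Step 2: same one-minute window and threshold as the answer's query,
-- now evaluated per throttleKey, i.e. per user on this resource.
FROM EligibilityStream[isEligible==true]#throttler:timeBatch(1 min)
SELECT throttleKey,
       (count(throttleKey) >= 5) AS isThrottled,
       expiryTimeStamp
GROUP BY throttleKey
INSERT ALL EVENTS INTO ResultStream;
```

To cover more than one resource, widen only the isEligible condition; the throttleKey expression already varies with both userId and resourceKey.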