The Rate Limit and Quota policies in Apigee serve similar but distinct purposes:
Rate Limit:
• Limits the number of requests within a time window
• Used to prevent API throttling attacks
• Time windows can be sliding (resetting) or non-sliding
• Can limit by request count, bytes, or API calls per second
• Will reject requests that exceed the specified rate
Use cases:
- Preventing API abuse
- Avoiding overloading backend systems
- Throttling calls to external services
Quota:
• Sets an absolute threshold on the number of requests
• Used to ration and budget API usage
• Quota limits apply over a specified quota reset period
- Daily, weekly, monthly, etc.
• Can be administered on a per-client basis - Assign different quotas to different API consumers
• Once a quota is exhausted, subsequent requests are reject
Use cases:
- Enforcing tiered service plans
- Metering API usage for billing
- Limiting "free tier" API allowances
So in summary:
- Rate Limit focuses on request rates over a time window
- Quota focuses on absolute request thresholds over a period
- Rate Limit prevents spikes and throttling
- Quota rations and budgets total API usage
Using both policies together can give you a robust approach to control API access:
- Rate Limit to prevent spikes and abuse
- Quota to enforce total allowance levels per consumer
Hope this comparison helps! Let me know if you have any other questions about Apigee's Rate Limit and Quota policies.
No comments:
Post a Comment