What is Throttling?

• Throttling is Limiting requests
  • Rate limits
    • by controlling the rate of requests
    • Rate limits are usually used to protect against short and intense volume bursts
  • Quotas
    • by controlling the total requests/data transferred
    • Quotas are usually used for controlling call rates over a longer period of time
• Throttling allows API providers to protect their APIs from abuse and create value for different API product tiers
• Links:
  • https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-flexible-throttling
  • https://channel9.msdn.com/Blogs/AzureApiMgmt/Advanced-Request-Throttling-with-Azure-API-Management

Throttling levels

Throttling happens at two levels:

• Subscription and tenant limits
• Resource provider limits

Throttling config

<rate-limit-by-key  calls="10"
          renewal-period="60" 
		  counter-key="..." 
		  />

<quota-by-key calls="1000000"
          bandwidth="10000"
          renewal-period="2629800" 
		  counter-key="..." 
		  />

IP address throttling

<rate-limit-by-key  calls="10"
          renewal-period="60"
          counter-key="@(context.Request.IpAddress)" />

<quota-by-key calls="1000000"
          bandwidth="10000"
          renewal-period="2629800"
          counter-key="@(context.Request.IpAddress)" />

User identity throttling

<rate-limit-by-key calls="10"
    renewal-period="60"
    counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />

Throttling API

• Go to resource groups: https://portal.azure.com/#blade/HubsExtension/BrowseResourceGroups
• Select resource group > API Management service
• APIs section > APIs
• Select target API > All operations > Policy editor
• Add policies (rate and quota)
• Save