Configuring limits
Overview¶
Once a product is created, customers are able to access the included endpoints without any limitations using the API key issued by Nadles.
API providers can use Nadles's rich toolkit to define, what limitations customers have when they are subscribed to this product.
Read "Before you begin" to learn more about the product concept.
Limits page¶
Navigate to Products → choose a product → Limits.
There are two types of limits in Nadles:
- Rate limits
- Rejection rules
By combining them you can flexibly configure a wide variety of products.
Rate limits¶
A rate limit can be specified per N seconds/minutes/hours.
-
Click "Add rate limit".
-
Configure the new rate limit.
Rate limits can be applied to several endpoints. In that case, the Nadles engine will calculate the total request rate for the group of endpoints.
Max burst — an additional number of requests accepted in case the rate limit was exceeded by the user.
Max burst example¶
- Rate limit: 1 req/s
- Max burst: 5 reqs
In case 7 requests hit the Nadles API Gateway at the same moment, the first six requests are passed without a delay, and the last, seventh request is rejected. All the following requests are also rejected until the rate of 1 req/s is achieved.
Difference between quotas and rate limits
The difference between rate limits and quotas is that rate limits cap the number of calls within a rolling time window (i.e. last N seconds/minutes/hours), whereas quota periods are calculated starting from the beginning of subscription.
E.g. if there is a subscription started on 01-01-2022 at 00:00:00 and there is a quota of 100 calls per 1 day, then there will be the following time periods:
Quota | Time period |
---|---|
100 | 2022-01-01 00:00:00 — 2022-01-01 23:59:59 |
100 | 2022-01-02 00:00:00 — 2022-01-02 23:59:59 |
100 | 2022-01-03 00:00:00 — 2022-01-03 23:59:59 |
100 | ... |
Rejection rules¶
Overview¶
Rejection rules are JavaScript expressions that tell Nadles API Gateway whether the current request should be rejected.
If an expression evaluates to true, Nadles API Gateway will reject the request.
It's useful for implementing premium features and impose limitations on input parameters.
Example
For instance, a limitation might sound as
For the "Basic" subscription plan request body can't exceed a maximum of 1000 bytes.
In this case, the Nadles API Gateway needs to check the request body length and reject the request if the length exceeds 1000 bytes.
The expression needs to be:
One rejection rule can be applied to several endpoints. The expression will be evaluated for each call to any of the selected endpoints and if the result is true
, the call is rejected.
Add rejection rule¶
-
Click "Add rejection rule".
-
Enter the expression, select the endpoints this rule applies to, and click "Save".
-
The rejection rule is now added to the product.
Expression variables¶
There is a number of variables that can be used in the expression.
Note that response variables are not available, since rejection rules are evaluated before proxying the request.
Path parameters¶
path.params.*
— placeholder values specified in the endpoint URL.
Note
Placeholder names are case-sensitive.
Example
If an endpoint URL is /resource/{resourceId}
and the HTTP request URL is /resource/801d49c2-ca05-42b1-97af-baf0ddf36ba3
,
then there will be a variable path.params.resourceId
with value "801d49c2-ca05-42b1-97af-baf0ddf36ba3"
.
Client IP address¶
request.remote_addr
— Client IP address.
Request headers¶
request.headers['header-name']
— Request header values.
Warning
Header names are lower-case.
Request query string parameters¶
request.query['query_string_parameter_name']
— Request query string parameters.
Warning
Query string parameter names are case-sensitive.
Example¶
Request body¶
request.body
— Request body.