Rate limiting individual API methods

I recall reading or hearing in the demo video that API providers can rate-limit the API methods. Am I right to say that this is still in the works and is different from the "Per API Quota" (http://app.apigee.com/policies) feature?

I'm looking forward to offloading rate-limiting to Apigee and ideally being able to specify exactly which API methods to rate-limit.

My particular use case is that I have an account verification API method that is susceptible to brute force attacks - I'd like to place a stricter rate limit on this method than on my other API methods.

Inappropriate?

Reply to this question

1 person has this question

I have this question, too! Tell me when someone answers.
The more people who ask this question, the more it gets noticed.

EMPLOYEE
Remove Inappropriate?
Delete or Edit

brian, Employee, replied on September 03, 2009 15:33
Hi Chu Yeow,

Apigee will allow you to manage traffic along 4 dimensions:
- Request Quota (reqs / hr)
- Spike Arrest (reqs / sec)
- Data Volume Quota (MB / hr)
- Max Msg Size (kB)
For each dimension you'll be able to enforce policy at three levels:
- API proxy
- IP address
- Developer key
In the preview, the only policy we are exposing is Request Quota at the API proxy level. The other policies will drop in before the public beta.

The ability to manage traffic at the method/params level is on the roadmap, but is currently further out.
1 person says this answers the question

Add a comment This answers the question Mark as a company answer
Remove Inappropriate?
Delete or Edit

Chu Yeow replied on September 03, 2009 17:29

Thanks for the clear explanation of what will be available.

I guess I'll be looking at implementing my own rate-limiting for now then.

this answers the question

Add a comment This answers the question

Reply to Chu Yeow's question

(Some HTML allowed)

Company participation

Products & Services

This topic is tagged

Rate limiting individual API methods