Enforcing MuleSoft Rate Limiting Policy Using API Manager API
Introduction
A Rate Limiting policy limits the number of requests an API accepts within a window of time. The API rejects requests that exceed the limit. You can configure multiple limits with window sizes ranging from milliseconds to years.
Generally, we configure the Rate Limiting policy from API Manager in Anypoint Platform, but we can also enforce Rate Limiting, or any other policy, through the API Manager API. MuleSoft provides a set of APIs that can be used to enforce policies in API Manager.
Enforcing a rate-limiting policy requires several attributes, including the maximum number of requests to be processed in a given time frame.
Applying the Rate Limiting Policy Using API Manager API
First, we need to identify which API can be used to apply the policies. MuleSoft provides a developer portal where we can find the details of the Policies API.
Policies API URL
We need to pass organizationId, environmentId, and apiId in the Policies API URL as URI parameters.
Fetching Organization Id
To fetch Organization Id, navigate to Access Management ⇒ Organization and click on your organization. It will open a pop-up window that will provide the OrganizationId. This can be used in the URI parameter of the policies API.
Fetching Environment Id
To fetch the Environment Id, navigate to Access Management ⇒ Environment and click on your environment (e.g. Sandbox). This will open a pop-up window. From there, we can get the environmentId in the URL. This can be used in the URI parameter of the policies API.
Fetching API Id
To fetch the API Id, navigate to API Manager in Anypoint Platform and select the API to which you need to apply the policy. From there, you can see the API Id.
Now, we have the organizationId, environmentId, and apiId that need to be passed to the policies API as URI parameters.
We will also require an access token that needs to be passed in the Authorization header of the Policies API request.
Generating Access Token
MuleSoft provides a separate API for generating an access token. To do this, we need to pass the username and password in the body of our request.
You can use the curl utility to generate the token.
$ curl -H "Content-Type: application/json" -X POST -d '{"username":"<<Anypoint_Username>>","password":"<<Anypoint_Password>>"}' https://anypoint.mulesoft.com/accounts/login
Response
{
"access_token": "0cf70dc0-1982-42b5-8140-836048c15ce8",
"token_type": "bearer",
"redirectUrl": "/home/"
}
Alternatively, you can use Postman to generate the token.
Applying the Policy Using API Manager API
First, we need to identify which attributes we need to pass to apply the rate limiting policy.
Go to Exchange and search for “Rate Limiting Policy Template”.
https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/rate-limiting/
Click on “API Gateway Rate limiting policy template”.
Now, download the policy definition. This downloads a YAML file that lists all the attributes we need to pass.
id: rate-limiting
name: Rate limiting
supportedPoliciesVersions: '>=v1'
description: Specifies the maximum value for the number of messages processed per time period, and rejects any messages beyond the maximum. Applies rate limiting to all API calls, regardless of the source.
category: Quality of service
violationCategory: qos
type: system
resourceLevelSupported: true
standalone: true
requiredCharacteristics:
providedCharacteristics:
  - Baseline Rate Limiting
configuration:
  - propertyName: keySelector
    name: Identifier
    description: "For each identifier value, the set of Limits defined in the policy will be enforced independently. I.e.: #[attributes.queryParams['identifier']]."
    type: expression
    optional: true
    allowMultiple: false
  - propertyName: rateLimits
    name: Limits
    description: Pairs of maximum quota allowed and time window.
    type: rateLimits
    optional: true
    allowMultiple: true
    defaultValue:
  - propertyName: clusterizable
    name: Clusterizable
    description: When using a clustered runtime with this flag enabled, configuration will be shared among all nodes.
    type: boolean
    optional: true
    defaultValue: true
    allowMultiple: false
  - propertyName: exposeHeaders
    name: Expose Headers
    description: >
      Defines if headers should be exposed in the response to the client. These headers are: x-ratelimit-remaining,
      x-ratelimit-limit and x-ratelimit-reset.
    type: boolean
    optional: true
    defaultValue: false
    allowMultiple: false
Now, you can use curl to apply the policy by calling the policies API.
curl -X POST \
https://anypoint.mulesoft.com/apimanager/api/v1/organizations/:organizationId/environments/:environmentId/apis/:apiInstanceId/policies \
-H 'authorization: Bearer 0cf70dc0-1982-42b5-8140-836048c15ce8' \
-H 'content-type: application/json' \
-d '{
"configurationData":{
"rateLimits":[
{
"timePeriodInMilliseconds":60000,
"maximumRequests":100
}
],
"clusterizable":true,
"exposeHeaders":false
},
"policyTemplateId":"rate-limiting",
"assetId":"rate-limiting",
"assetVersion":"1.3.3",
"groupId":"68ef9520-24e9-4cf2-b2f5-620025690913"
}'
You need to pass the organizationId, environmentId, and apiId that we fetched above. The curl command above uses placeholders for them.
You can use Postman to call the policies API.
This is a very useful utility when you need to apply policies via CI/CD, and now you know how to apply a rate-limiting policy using the API Manager API!
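The curl call above, wrapped for a CI job, as an added example that is not part of the original article: it validates the IDs and limits before building the request, and it passes the bearer token to curl on stdin instead of on the command line, where it would show up in the process list and job logs. The variable `ANYPOINT_TOKEN` and the function names are assumptions, as is the rule that IDs and tokens contain only letters, digits and hyphens.

```shell
#!/bin/sh
API_BASE="https://anypoint.mulesoft.com/apimanager/api/v1"

# Assumption: IDs and tokens contain only letters, digits and hyphens.
# Rejecting anything else stops a pipeline variable from altering the
# request path or breaking out of the quoted header line further down.
valid_id() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
  esac
}

is_pos_int() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
}

policy_url() {  # organizationId environmentId apiId
  for id in "$1" "$2" "$3"; do
    valid_id "$id" || { echo "invalid id: $id" >&2; return 1; }
  done
  printf '%s/organizations/%s/environments/%s/apis/%s/policies' \
    "$API_BASE" "$1" "$2" "$3"
}

policy_payload() {  # maximumRequests timePeriodInMilliseconds
  if ! is_pos_int "$1" || ! is_pos_int "$2"; then
    echo "limits must be positive integers" >&2; return 1
  fi
  printf '{"configurationData":{"rateLimits":[{"timePeriodInMilliseconds":%s,"maximumRequests":%s}],' "$2" "$1"
  printf '"clusterizable":true,"exposeHeaders":false},'
  printf '"policyTemplateId":"rate-limiting","assetId":"rate-limiting",'
  printf '"assetVersion":"1.3.3","groupId":"68ef9520-24e9-4cf2-b2f5-620025690913"}'
}

apply_policy() {  # organizationId environmentId apiId maximumRequests timePeriodInMilliseconds
  url=$(policy_url "$1" "$2" "$3") || return 1
  body=$(policy_payload "$4" "$5") || return 1
  valid_id "${ANYPOINT_TOKEN:-}" || { echo "ANYPOINT_TOKEN missing or malformed" >&2; return 1; }
  # The Authorization header travels through curl's config on stdin,
  # so the token never appears in argv.
  printf 'header = "Authorization: Bearer %s"\n' "$ANYPOINT_TOKEN" |
    curl --fail --silent --show-error --config - \
      -X POST -H 'Content-Type: application/json' --data "$body" "$url"
}
```

Call `apply_policy <organizationId> <environmentId> <apiId> 100 60000` with `ANYPOINT_TOKEN` supplied by the pipeline's secret store; `--fail` makes the job fail when the API returns an HTTP error. The login request can keep the password out of argv the same way by sending its JSON body with `--data @-` on stdin.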