APIgee Developer App Rate-limiting

Question

I am new to APIgee. I just want to know can we have different rate limiting quote for different developer apps. For example I have two developer apps, 1. Dev App 1 2. Dev App 2

I want to allow "Dev App 1" to 10 requests per minute and "Dev App 2" to 15 requests per minute. How can I do this? I have explored Quota policy but it applies same quote to all the apps.

Answer 1

please consider the following steps to achieve different qouta's for different developer apps.

1. Create two API Products-> Go to Publish, Products, and create two API's products and set the appropriate Qouta there.
2. Create two or more developers. Also at Publish -> Developers
3. Create the two DEveloper Apps also at Publisch, and ensure that Developer A gets API Product A, and so on. The combination of a Developer with a API prdocuts (aka Developer App) creates an API Key. This way the qouta can be enforced by the provided apikey.
4. On the API proxy, create a Qouta policy, but also check on the API key as this latter policy provides info for the Qouta policy. An example is provided below:

The Qouta policy then checks for the APIKEy policy Developer App, and validates the qouta:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="verify-api-key">
<DisplayName>Verify API Key</DisplayName>
<APIKey ref="request.header.apikey"/>
</VerifyAPIKey>


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Quota async="false" continueOnError="false" enabled="true" name="impose-quota">
    <DisplayName>Impose Quota</DisplayName>
    <Allow countRef="verifyapikey.verify-api-key.apiproduct.developer.quota.limit" count="2000"/>
    <Interval ref="verifyapikey.verify-api-key.apiproduct.developer.quota.interval">1</Interval>
    <Distributed>true</Distributed>
    <Synchronous>true</Synchronous>
    <TimeUnit ref="verifyapikey.verify-api-key.apiproduct.developer.quota.timeunit">month</TimeUnit>
    </Quota>

Answer 2

You can use custom attributes on the Developer or Developer Application objects in Apigee to store your per-app or per-developer quota and rate limits. When you validate an API key or access token in the Apigee proxy these attributes will be copied into the current request context so that they can be referenced from the Quota or SpikeArrest policy.

You can also use the Quota or custom attributes on the API Product, but then those attributes will apply to any developer application that is assigned that product, not only to specific developer apps.

For more info on creating developer apps using Apigee's management API, see http://apigee.com/docs/management/apis/post/organizations/%7Borg_name%7D/developers/%7Bdeveloper_email_or_id%7D/apps.