@Simanchala M [External], Technology Thanks for reaching out. The rate-limit-by-key
policy in Azure APIM allows you to limit the number of requests that can be made to an API based on a specific key. The counter-key
attribute is used to specify the key that should be used to track the number of requests made by a client.
In the example you provided, the counter-key
is set to @(context.Request.IpAddress)
, which means that the number of requests made by each IP address will be tracked separately. This is a common approach to rate limiting, as it allows you to limit the number of requests made by each client without requiring them to provide a subscription ID or other identifier.
To use this policy in your API, you can add it to the inbound policy section of your API's policy file. You can then configure the calls
, renewal-period
attributes to specify the rate limit that you want to enforce.
<inbound>
<base />
<rate-limit-by-key calls="10"
renewal-period="60"
counter-key="@(context.Request.Headers.GetValueOrDefault("X-Rate-Limit-Key", " "))"
remaining-calls-variable-name="remainingCallsPerKey" />
</inbound>
In this example, the counter-key
attribute is set to @(context.Request.Headers.GetValueOrDefault("X-Rate-Limit-Key", " "))
, which means that the value of the X-Rate-Limit-Key
header will be used as the key for rate limiting.
You can then pass the X-Rate-Limit-Key
header in the request to specify the key to use for rate limiting. For example, you could set the X-Rate-Limit-Key
header to a unique identifier for each client, such as a user ID or API key.
Do let me know incase of further queries, I would be happy to assist you.