Limit concurrency

APPLIES TO: All API Management tiers

The limit-concurrency policy prevents enclosed policies from executing by more than the specified number of requests at any time. When that number is exceeded, new requests will fail immediately with the 429 Too Many Requests status code.

Note

Set the policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.

Policy statement

<limit-concurrency key="expression" max-count="number">
        <!— nested policy statements -->
</limit-concurrency>

Attributes

Attribute	Description	Required	Default
key	A string. Specifies the concurrency scope. Can be shared by multiple policies. Policy expressions are allowed.	Yes	N/A
max-count	An integer. Specifies a maximum number of requests that are allowed to enter the policy. Policy expressions aren't allowed.	Yes	N/A

Usage

• Policy sections: inbound, outbound, backend, on-error
• Policy scopes: global, workspace, product, API, operation
• Gateways: classic, v2, consumption, self-hosted

Example

The following example demonstrates how to limit number of requests forwarded to a backend based on the value of a context variable.

<policies>
  <inbound>…</inbound>
  <backend>
    <limit-concurrency key="@((string)context.Variables["connectionId"])" max-count="3">
      <forward-request timeout="120"/>
    </limit-concurrency>
  </backend>
  <outbound>…</outbound>
</policies>

Related policies

• Rate limiting and quotas

Related content

For more information about working with policies, see:

• Tutorial: Transform and protect your API
• Policy reference for a full list of policy statements and their settings
• Policy expressions
• Set or edit policies
• Reuse policy configurations
• Policy snippets repo
• Author policies using Microsoft Copilot for Azure