Exercise - Throttle API requests

In API Management, you use policies to implement throttling (rate limiting).

Recall that your government agency would like to prevent abuse of its APIs, such as large volumes of requests.

In this unit, you learn how to set a limit on how frequently your Census API can be called. In this example, the limit is applied globally to all of your Census API endpoints.

Apply a rate limit policy

To apply a throttling policy within API Management, follow these steps:

  1. Sign in to the Azure portal using the same account you used in the previous exercises.

  2. On the Azure portal menu or from the Home page, select All Resources, and then select your API Management instance.

  3. In the left menu pane, under APIs, select APIs, and in the middle pane, select Census Data.

  4. In the top menu bar, select the Design tab, and then select All operations.

  5. In the Inbound processing section, select the </> icon. The XML policy editor appears.

    Screenshot of the Design tab with the Policies icon highlighted in the Inbound processing section.

  6. Replace the entire <inbound> element with the following code:

    <inbound>
        <rate-limit calls="3" renewal-period="15" />
        <base />
    </inbound>
    
  7. Select Save.

Your policy file should contain all three policies, similar to this code:

<policies>
    <inbound>
        <rate-limit calls="3" renewal-period="15" />
        <base />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <set-header name="x-powered-by" exists-action="delete" />
        <redirect-content-urls />
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Note

The order of the policies within each section is not important for this example.
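
The following check is an added example, not part of the original exercise or of API Management itself. It parses the policy document shown above and reports whether the three policies are present at this scope, which is useful as a review step before a policy file is deployed. The function name audit_policy and the finding texts are assumptions, and it assumes the policy file is well-formed XML, as the one on this page is.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy document from this page, embedded so the check runs offline.
POLICY_XML = """<policies>
    <inbound>
        <rate-limit calls="3" renewal-period="15" />
        <base />
    </inbound>
    <backend><base /></backend>
    <outbound>
        <set-header name="x-powered-by" exists-action="delete" />
        <redirect-content-urls />
        <base />
    </outbound>
    <on-error><base /></on-error>
</policies>"""


def audit_policy(xml_text):
    """Return (findings, limit); limit is (calls, renewal_period_seconds) or None."""
    root = ET.fromstring(xml_text)
    findings, limit = [], None
    inbound = root.find("inbound")
    rate = inbound.find("rate-limit") if inbound is not None else None
    if rate is None:
        findings.append("inbound: no <rate-limit> policy at this scope")
    else:
        try:
            calls = int(rate.get("calls", ""))
            period = int(rate.get("renewal-period", ""))
            if calls <= 0 or period <= 0:
                raise ValueError
            limit = (calls, period)
        except ValueError:
            findings.append("inbound: <rate-limit> needs positive integer calls and renewal-period")
    outbound = root.find("outbound")
    headers = outbound.findall("set-header") if outbound is not None else []
    if not any(h.get("name", "").lower() == "x-powered-by"
               and h.get("exists-action") == "delete" for h in headers):
        findings.append("outbound: x-powered-by header is not deleted")
    if outbound is None or outbound.find("redirect-content-urls") is None:
        findings.append("outbound: no <redirect-content-urls> policy")
    return findings, limit


if __name__ == "__main__":
    findings, limit = audit_policy(POLICY_XML)
    print("limit:", limit, "findings:", findings or "none")
```

An empty findings list means all three policies were found. A rate limit defined only at a higher scope and inherited through <base /> is not visible to this check.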

Test the policy

Now let's see if the throttling policy is working:

  1. Select Census Data again, and in the top menu bar, select the Test tab.

  2. Select the GetLatestCensus operation, and then select Send three times in a row.

  3. Upon sending the request the third time, you should get a 429 error (too many requests) response:

    Screenshot of an HTTP response showing a 429 Too Many Requests error.