Limit concurrency
APPLIES TO: All API Management tiers
The limit-concurrency policy prevents enclosed policies from executing by more than the specified number of requests at any time. When that number is exceeded, new requests will fail immediately with the 429 Too Many Requests status code.
Note
Set the policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.
Policy statement
<limit-concurrency key="expression" max-count="number">
<!— nested policy statements -->
</limit-concurrency>
Attributes
| Attribute | Description | Required | Default |
|---|---|---|---|
| key | A string. Specifies the concurrency scope. Can be shared by multiple policies. Policy expressions are allowed. | Yes | N/A |
| max-count | An integer. Specifies a maximum number of requests that are allowed to enter the policy. Policy expressions aren't allowed. | Yes | N/A |
Usage
- Policy sections: inbound, outbound, backend, on-error
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
Example
The following example demonstrates how to limit number of requests forwarded to a backend based on the value of a context variable.
<policies>
<inbound>…</inbound>
<backend>
<limit-concurrency key="@((string)context.Variables["connectionId"])" max-count="3">
<forward-request timeout="120"/>
</limit-concurrency>
</backend>
<outbound>…</outbound>
</policies>
Related policies
Related content
For more information about working with policies, see:
- Tutorial: Transform and protect your API
- Policy reference for a full list of policy statements and their settings
- Policy expressions
- Set or edit policies
- Reuse policy configurations
- Policy snippets repo
- Author policies using Microsoft Copilot in Azure