API Management Solutions

Question

I'm currently building an API and am looking for a tool to allow me to monitor (in a GUI) and rate-limit usage. I've come across a few enterprise solutions including:

• http://apigee.com/
• http://mashery.com/
• http://www.layer7tech.com/
• http://www.3scale.net/

The Apigee enterprise plan is exactly what I'm looking for but plans start at $3000 / month which is out of my price range. The other solutions are all either too expensive or do not provide the solution I'm looking for.

This led me to look at some open source options including:

• http://apiaxle.com/
• https://code.google.com/p/varnish-apikey/wiki/UsageManual

Varnish seems like a fairly complete solution; however, I would need to build a GUI to visualise the data.

My final option would to build a solution from scratch using EventMachine and ruby.

Any advice?

Answer 1

I think you overestimate how hard this is.

In your code just have a counter with redis/memcached/mongodb (1/24 hour counter or hourly/daily counter depending on your needs) and return the appropriate error when the limit has been met. You can either increment the counts right there, or do that asynchronously when processing your logs.

For showing the data, just make a simple web page summarizing the counts as needed.

For our use we don't need to limit things exactly, so we generally just log through our log infrastructure and one of the (real-time-ish through scribe) log processors will summarize this sort of thing. The output is a simple HTML page with the busy IPs/clients, some page that nagios can monitor and some URLs that munin pulls data from to make graphs.

Answer 2

You can use naxsi with nginx. just override your /requestDenied location with limit rules you need:

map naxsi redirect parameters to corresponding limit:

map $arg_uri $limit_uri {
  123.php   limit_zone1;
  234.php   limit_zone2;
default limit_default;
}

use limits in location:

 location /RequestDenied {
     proxy_pass http://127.0.0.1:4242;
     limit_req $limit_uri;
   }