1

I understand that we can have a call limit on APIM by subscription key as follows:

  <rate-limit-by-key calls="3" renewal-period="15" counter-key="@(context.Subscription.Id)" />

I have a use case where I need to monetize one of my existing APIs for different customers. Based on the plan they choose, they will be able to access this API with different limits. Say a premium customer can call my API once every minute and a customer on my Basic plan can call the API once in 10 minutes.

I am looking for a way to have different rate limits for different API keys. Basically, I need to configure a map of API key to corresponding rate limit, so that the same API can be accessed by different clients, each of them having their own rate limit.

Justin Mathew
  • Should there be multiple products (representing different plans)? Each product would have its own `` (or ``) policy with corresponding limits. You then grant customers access to those APIM products. – Max Ivanov Feb 17 '21 at 13:44
  • Alternatively, both `rate-limit-by-key` and `quota-by-key` have `increment-condition` attribute. It seems like you can do `... increment-condition="@(context.Subscription.Id == "customer sub ID")"`. Hacky and untested though! :) – Max Ivanov Feb 17 '21 at 13:47
  • So you mean I can try something like this – Justin Mathew Feb 18 '21 at 02:58
  • 1
    There's probably a typo in `calls=` (should be a number) but yes, that was my idea. As I mentioned I never tried it. Let us know if it worked :) – Max Ivanov Feb 18 '21 at 13:30
  • I have tried keeping some expression to obtain the calls like the below. Here I have attached -[number of calls] to the Subscription name itself to split and use it. But unfortunately the `calls` attribute on `rate-limit-by-key` and `quota-by-key` does not support policy expressions. https://stackoverflow.com/a/43195940/8804776 – Justin Mathew Feb 18 '21 at 17:00
  • Probably I need to group them and add outer if conditions. like if Subscription contains -30 then go for this rate limit or ...etc – Justin Mathew Feb 18 '21 at 17:02
  • 1
    Unless you have only a few subscriptions which will never change, I believe it's easier to scale if you organize rate limits around products (API access tiers). This way you can define limits in individual product policies and associate subscriptions with products. – Max Ivanov Feb 18 '21 at 17:12
  • Yes you are right – Justin Mathew Feb 18 '21 at 18:11
  • 1
    Hi @JustinMathew, have you solved the problem? If the problem was solved, could you please post an answer in the area below. It may help other communities. – Hury Shen Feb 25 '21 at 06:38

3 Answers

2

There is no inbuilt solution for this problem in Azure APIM.

calls will not support an expression due to some internal limitations.

rate-limit-by-key calls

I have managed to solve it by applying the rate-limit policy on the Product scope, by using `when`:

https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#choose

So my inbound policy will be something like this

        <choose>
            <when condition="@(context.Subscription.Name=="abcd")">
                <rate-limit-by-key calls="1" renewal-period="15" counter-key="@(context.Subscription.Id)" />
            </when>
            <when condition="@(context.Subscription.Name=="efgh")">
                <rate-limit-by-key calls="2" renewal-period="15" counter-key="@(context.Subscription.Id)" />
            </when>
            <otherwise />
        </choose>
Justin Mathew
0

For your use case, a better option might be to use a quota instead of a rate limit. "Quotas are usually used for controlling call rates over a longer period of time. For example, they can set the total number of calls that a particular subscriber can make within a given month. For monetizing your API, quotas can also be set differently for tier-based subscriptions. For example, a Basic tier subscription might be able to make no more than 10,000 calls a month but a Premium tier could go up to 100,000,000 calls each month."

Source: https://learn.microsoft.com/en-us/azure/api-management/api-management-sample-flexible-throttling#rate-limits-and-quotas

Martin Krastev
0

The APIM documentation says tiered access is achieved by configuring multiple APIM products for the API. Each APIM Product has the policy with the required limits and quotas enforced. So you configure, for example, a Basic Tier and a Premium Tier product. This is configurable in the APIM by doing the following:

  • Remove rate limit policies from the API as this does not allow different tiers
  • Put the existing rate limit into a Basic Tier product and associate this to the API
  • Add a new Product - Premium Tier
    • Requires Subscription
    • Requires Approval
  • Copy any custom policy on the existing Basic Tier product (any custom code to do things like authenticate)
  • Add the increased rate limits/quotas to the policy of the Premium product
  • Add the Premium Tier product to the required API (multiple products can be assigned to an API)
  • Assign a Premium Tier product subscription to each of the APIM Users that require premium access
  • Have the users include the Subscription Key header in their API calls. Their calls will go through the Premium product and have the associated limits and quotas
Simon Dowdeswell
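
The product-per-tier setup from the answer above, as an added example that is not part of any of the posts: two product-scope policies, using the "Basic Tier" and "Premium Tier" product names from the answer and the limits from the question. It uses `quota` for the 10-minute Basic window because the `rate-limit` policy documents a maximum `renewal-period` of 300 seconds.

```xml
<!-- Added example. Product-scope policy for the "Basic Tier" product:
     one call per 10 minutes for each subscription to this product. -->
<policies>
    <inbound>
        <base />
        <!-- quota: fixed window, counted per subscription; over-limit calls get 403 -->
        <quota calls="1" renewal-period="600" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

<!-- Added example. Product-scope policy for the "Premium Tier" product:
     one call per minute for each subscription to this product. -->
<policies>
    <inbound>
        <base />
        <!-- rate-limit: sliding window, counted per subscription; over-limit calls get 429 -->
        <rate-limit calls="1" renewal-period="60" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because the limit lives in the product policy, every subscription issued for that product is throttled, and there is no unmatched-name branch (such as an empty `<otherwise />`) through which a new subscription reaches the API without a limit.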