Request Limiting - Aggouri/acheron GitHub Wiki

Limits the number of requests that can be made to an API within a given period of time. The limit can be set globally on a route, on specific consumers, or both.

Configuration

Enable request limiting by executing the following request:

curl -X POST -H "Content-Type: application/json" -d '{
  "name": "request_limiting",
  "route_id": <route_id>,
  "http_methods": [
    "*"
  ],
  "config": {
    "limit": <limit_per_window>,
    "window": <seconds_per_window>
  }
}' "http://localhost:9090/admin/plugin-configs"

JSON body parameters:

  • route_id (required): the route this plugin configuration applies to.
  • consumer_id: the consumer this plugin configuration applies to.
  • http_methods: the HTTP methods this plugin configuration applies to, e.g. POST. The asterisk character (*) captures all methods. Please keep all method names uppercase, e.g. use GET instead of get.
  • config: a JSON object containing plugin-specific configuration parameters.

Configuration (config) parameters:

  • limit: The number of requests that are allowed in a given window.
  • window: The number of seconds that define a window. Default = 1 second.

Example for a hypothetical balances API, where a specific consumer cannot execute more than 30 requests per minute:

curl -X POST -H "Content-Type: application/json" -d '{
  "name": "request_limiting",
  "consumer_id": "9a7476a6-5734-4dc9-8bdd-a0e4c3d442fd",
  "route_id": "balances",
  "http_methods": [
    "*"
  ],
  "config": {
    "limit": 30,
    "window": 60
  }
}' "http://localhost:9090/admin/plugin-configs"

Usage

When the request limit is reached, Acheron returns an error with HTTP status code 429 Too Many Requests.

Downstream Headers

When rate limiting applies to a consumer, the following headers are sent back with the response:

  • X-Rate-Limit: The limit that is applicable for the consumer
  • X-Rate-Remaining: The number of requests remaining in the current window
  • X-Rate-Reset: The number of seconds the consumer must wait before making a new request
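
One way a consumer can honor the 429 response and the X-Rate-* headers described above. This is an added example, not code from the Acheron project: the `send` callable, the `MAX_WAIT` cap and the assumption that the headers also accompany the 429 response are illustrative, and the sample responses are constructed.

```python
import time

MAX_WAIT = 300  # assumption: cap so a bogus header value cannot stall the client


def header_int(headers, name):
    """Case-insensitive lookup; returns a non-negative int, or None if absent/invalid."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                return max(0, int(str(value).strip()))
            except ValueError:
                return None
    return None


def seconds_to_wait(status, headers, default_wait=1):
    """Seconds to pause before the next request; 0 means send right away."""
    remaining = header_int(headers, "X-Rate-Remaining")
    if status != 429 and remaining != 0:
        return 0  # not limited and the window still has room (or no headers)
    reset = header_int(headers, "X-Rate-Reset")
    # Missing, invalid or zero reset: fall back to the default 1-second window.
    return min(reset or default_wait, MAX_WAIT)


def call_with_backoff(send, max_attempts=3, sleep=time.sleep):
    """send() -> (status, headers, body). Retries on 429 only, waiting X-Rate-Reset."""
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if status != 429 or attempt == max_attempts:
            return status, body, attempt
        sleep(seconds_to_wait(status, headers))


def demo():
    """Constructed responses: one 429, then a success. No network, no real sleep."""
    responses = iter([
        (429, {"X-Rate-Limit": "30", "X-Rate-Remaining": "0", "X-Rate-Reset": "12"}, ""),
        (200, {"x-rate-limit": "30", "x-rate-remaining": "29", "x-rate-reset": "60"}, "ok"),
    ])
    slept = []
    result = call_with_backoff(lambda: next(responses), sleep=slept.append)
    return result, slept


if __name__ == "__main__":
    print(demo())  # ((200, 'ok', 2), [12])
```

Calling `seconds_to_wait` after every successful response as well lets a client pause as soon as X-Rate-Remaining reaches 0, before it ever triggers a 429.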