[Apiman-user] APIMAN rate limiting policy granularity
Subbarao Denduluri
sdenduluri at ebsco.com
Fri May 27 09:20:54 EDT 2016
Thanks for the Clarifications Eric. This is very helpful
-Subba
-----Original Message-----
From: Eric Wittmann [mailto:eric.wittmann at redhat.com]
Sent: Friday, May 27, 2016 9:04 AM
To: Subbarao Denduluri <sdenduluri at ebsco.com>; apiman-user at lists.jboss.org
Subject: Re: APIMAN rate limiting policy granularity
(adding the apiman-user list for posterity)
Thanks for the question. Here are definitions of these two granularities:
User: only possible when also using Authentication (basic or oauth), the granularity is based off the username of the authenticated user as well as the API information. In other words, the "rate limiting counter id" for this would be:
username+apiOrgId+apiId+apiVersion
Client: only possible for non-public APIs - this is based off the API Key of the client app issuing the rquest. In other words, the "rate limiting counter id" for this would be:
API Key+apiOrgId+apiId+apiVersion
I hope that helps!
-Eric
On 5/26/2016 3:40 PM, Subbarao Denduluri wrote:
> The granularity shows: user , api and client. What is the difference between user and client. And also thinking of putting the policy at the APIKEY level. Does that mean the user level?
>
> thanks
>
More information about the Apiman-user
mailing list