API Rate Limiting

Another common concern for APIs exposed to external traffic is how to rate-limit consumers of those APIs, for example to enforce Service Level Access policies and prevent Denial of Service attacks. Rate limiting solutions can provide per-identity access limits corresponding to different levels of access privilege.

The Istio Dev Portal comes bundled with a Rate Limiting Server which plugs directly into Istio to rate limit API calls made through Istio Gateways.

Configuration of the Rate Limit Server is performed automatically by the Dev Portal based on the configuration provided in the Usage Plans defined in each API Product.

When Usage Plans are enabled for an API Product, API client requests issued to that product will be rate limited under a predefined Usage Plan. When a user is authorized to consume an API, the rate limiting policies defined in the associated Usage Plan are applied.
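
A conceptual model of the per-identity, per-plan limiting described above, added here as an illustration; it is not the Dev Portal's or the Rate Limit Server's own code. The plan names, limits, product name and client identities are constructed, and a fixed-window counter is assumed as the limiting algorithm.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class UsagePlan:
    name: str
    requests_per_unit: int
    unit_seconds: int

class PlanRateLimiter:
    """Fixed-window counter keyed by (API product, authenticated identity)."""
    def __init__(self, plans, assignments, clock=time.monotonic):
        self.plans = plans              # plan name -> UsagePlan
        self.assignments = assignments  # (product, identity) -> plan name
        self.clock = clock
        self.windows = {}               # (product, identity) -> [window_id, count]

    def check(self, product, identity):
        """Return (allowed, detail) for a single request."""
        plan_name = self.assignments.get((product, identity))
        if plan_name is None:
            # Identity holds no plan for this product: reject without counting.
            return False, "unauthorized"
        plan = self.plans[plan_name]
        window_id = int(self.clock() // plan.unit_seconds)
        state = self.windows.setdefault((product, identity), [window_id, 0])
        if state[0] != window_id:
            state[:] = [window_id, 0]   # a new window started, reset the count
        if state[1] >= plan.requests_per_unit:
            return False, "rate_limited"
        state[1] += 1
        return True, plan.name

# Constructed sample data (hypothetical plans, product and clients).
PLANS = {"basic": UsagePlan("basic", 2, 60), "premium": UsagePlan("premium", 5, 60)}
ASSIGNMENTS = {("petstore", "alice"): "basic", ("petstore", "bob"): "premium"}

def demo():
    now = [0.0]                         # controllable clock for a repeatable run
    rl = PlanRateLimiter(PLANS, ASSIGNMENTS, clock=lambda: now[0])
    results = {}
    for who in ("alice", "bob", "unknown-client"):
        results[who] = [rl.check("petstore", who)[0] for _ in range(6)]
    now[0] = 61.0                       # move into the next 60-second window
    results["alice_next_window"] = rl.check("petstore", "alice")
    return results

if __name__ == "__main__":
    print(demo())
```

The identity used as the counter key must come from the authentication step, not from a value the client can set freely, or one consumer can draw on another's quota. A fixed window also admits a burst of up to twice the limit across a window boundary.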