Skip to main content
Feedback

Plans

Plans control the limits of an application, and give applications permission to use a specific API deployment.

An application can have a number of API Keys, but each API Key references only one plan making it valid for one API deployment. This allows precise permission and limits on the API deployment.

Plans are only allowed with APIs that use an authentication provider. You must add an Authentication Source and select it on the API Deployments page before being able to add a plan.

After you assign a plan on the API Deployments page, you must subscribe it to the API on the Applications page in the Subscription column. Without creating and attaching a plan to an API deployment, the API throws an error and does not run because it is unrecognized.

The following limits can be placed on an API deployment via the Plan:

Maximum Message Size
Restricts the size of incoming API requests to the number of kilobytes (KB) specified. Leaving the field blank allows a request of any size.

Rate Limit
The rate limit is a protection for the Gateway nodes. It is counted per node and restricts the number of incoming requests for a specified time period per Gateway. It prevents a burst of requests on the same node from the same API Key. It is not intended to limit the overall usage of an API by a certain client (Quota Limit is better suited for that) and it does not determine which node a client will hit, so sometimes a client will be able to execute more than the rate limit of requests because the requests are spread out to more than one node. Although, a client will not be able to exceed nodes * rate limit in the configured period of time. For example, if you have a two node gateway cluster and the rate limit is 5, then the actual rate limit for the gateway is 2 * 5, which is node * rate limit.

While creating a plan, you can set the rate limit - number of calls and the time period (second, minute, or hour). Leaving the field blank allows an unlimited number of calls up to the limit set on the Gateway when it is configured. The rate limit is imposed based on the time that the first call is made. For example, if the rate limit allows five calls a minute, the minute starts at the first call, and does not allow the sixth call until one minute passes from the time the first call is made. Then, five new calls are allowed to be made. Setting a new rate limit does not reset current counters, but rather updates new rate limits. For example, you set an initial rate limit plan of 10 calls per minute, and consume 5 calls, and then you reset the plan to 5 calls per minute, you find that you have already reached the allotted call limit for that period. This is because that although a plan is reset with a new rate limit, the current consumption counter does not reset to 0 until the period has passed.

note

For protection against Denial of Service-type attacks that generate a flood of sub-second or sustained high-volume requests, rate limits should be augmented by Web Application Firewalls (WAF) or other specialized infrastructure mechanisms.

note

For deployed APIs that are attached to an environment containing a multi-tenant cloud, the limit specified in the HTTP Request is used before the value specified for Rate Limit.

HTTP Request Rate value is set on the Attachment Quotas tab of Cloud Management within  Integration.

Quota Limit
Restricts the number of incoming requests for a specified time period per all Atoms within the Environment. Leaving the field blank allows an unlimited number of calls up to the limit set on the Environment when it is configured.

The quota limit begins at midnight (0:00) UTC. A weekly quota begins each Sunday. A monthly quota begins on the first day of each month.

note

For deployed APIs that are attached to an environment containing a multi-tenant cloud, the limit specified in the HTTP Request Rate is used before the value specified for Rate Limit, followed by the Quota Limit value.

HTTP Request Rate value is set on the Attachment Quotas tab of Cloud Management within Integration.

You can disable, edit an existing plan, or delete a Plan on the Plans page. Disabled plans are appended with the word (Disabled) in their title, and their status is set to Disabled. Deleted plans are removed from the Plans page.