Skip to main content
With Traffic Policy, you can rate limit requests to your endpoints based on a variety of criteria. This page demonstrates a few example rules that do so. See the rate-limit Traffic Policy action docs for more information.

By endpoint

This rule applies rate limiting of 30 requests per minute to the endpoint /api/videos.
on_http_request:
- expressions:
  - req.url.contains('/api/specific_endpoint')
  actions:
  - type: rate-limit
    config:
      name: Only allow 30 requests per minute
      algorithm: sliding_window
      capacity: 30
      rate: 60s
      bucket_key:
      - conn.client_ip
{
  "on_http_request": [
    {
      "expressions": [
        "req.url.contains('/api/specific_endpoint')"
      ],
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Only allow 30 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 30,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    }
  ]
}

Based on authentication status

This rule creates a lower rate limit for unauthenticated (likely free) users, while allowing authenticated users a higher level of capacity.
on_http_request:
- expressions:
  - "!('Authorization' in req.headers)"
  name: Unauthorized rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 10 requests per minute
      algorithm: sliding_window
      capacity: 10
      rate: 60s
      bucket_key:
      - conn.client_ip
- expressions:
  - "('Authorization' in req.headers)"
  name: Authorized rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 100 requests per minute
      algorithm: sliding_window
      capacity: 100
      rate: 60s
      bucket_key:
      - conn.client_ip
{
  "on_http_request": [
    {
      "expressions": [
        "!('Authorization' in req.headers)"
      ],
      "name": "Unauthorized rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 10 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 10,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    },
    {
      "expressions": [
        "('Authorization' in req.headers)"
      ],
      "name": "Authorized rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 100 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 100,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    }
  ]
}

Based on pricing tiers

Using a naming scheme in your upstream servers with API calls using a tier header, you can quickly customize access to your API based on any number of pricing tiers. This rule checks for a Tier header in the request and applies rate limiting based on the value of that header.
on_http_request:
- expressions:
  - "!('Tier' in req.headers)"
  name: Free rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 10 requests per minute
      algorithm: sliding_window
      capacity: 10
      rate: 60s
      bucket_key:
      - conn.client_ip
- expressions:
  - getReqHeader('tier').exists(v, v.matches('(?i)bronze'))
  name: Bronze rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 100 requests per minute
      algorithm: sliding_window
      capacity: 100
      rate: 60s
      bucket_key:
      - conn.client_ip
- expressions:
  - getReqHeader('tier').exists(v, v.matches('(?i)silver'))
  name: Silver rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 1000 requests per minute
      algorithm: sliding_window
      capacity: 1000
      rate: 60s
      bucket_key:
      - conn.client_ip
- expressions:
  - getReqHeader('tier').exists(v, v.matches('(?i)gold'))
  name: Gold rate limiting tier
  actions:
  - type: rate-limit
    config:
      name: Allow 10000 requests per minute
      algorithm: sliding_window
      capacity: 10000
      rate: 60s
      bucket_key:
      - conn.client_ip
{
  "on_http_request": [
    {
      "expressions": [
        "!('Tier' in req.headers)"
      ],
      "name": "Free rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 10 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 10,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    },
    {
      "expressions": [
        "getReqHeader('tier').exists(v, v.matches('(?i)bronze'))"
      ],
      "name": "Bronze rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 100 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 100,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    },
    {
      "expressions": [
        "getReqHeader('tier').exists(v, v.matches('(?i)silver'))"
      ],
      "name": "Silver rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 1000 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 1000,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    },
    {
      "expressions": [
        "getReqHeader('tier').exists(v, v.matches('(?i)gold'))"
      ],
      "name": "Gold rate limiting tier",
      "actions": [
        {
          "type": "rate-limit",
          "config": {
            "name": "Allow 10000 requests per minute",
            "algorithm": "sliding_window",
            "capacity": 10000,
            "rate": "60s",
            "bucket_key": [
              "conn.client_ip"
            ]
          }
        }
      ]
    }
  ]
}