How to associate organisation with rate limiting

I struggle to find documentation on this. I know rate limiting is applied to each session, but we also want to apply it to each organisation.

For example, I have 3 partners, and each partner can have X number of developers. I want the developers from partner A to have a total limit of 100 requests/second, developers from partner B to have 50 requests/second, etc.

How can I achieve this? Should I use a custom middleware/plugin?

Hi, this is an old topic but basically the same feeling. I am struggling with the doc for this use case. The limitations for Org Quotas/keys are not clear.

How can I handle one user/Org having multiple keys but a global limit/quota, so that each key sums the requests? Also, this should be in policies only and NOT in the API definition, as multiple customers can share the API while being from a different Org. Hope it's clear. Thanks!

I am not sure we have a feature for this. The rate limit and quota in the API definition is what acts like a global rate limit even when multiple keys are used.

{
  "global_rate_limit": {
    "rate": 10,
    "per": 10
  }
}

What the initial user posted about using a custom plugin might be possible. In theory you could have the org_id as the keyID when using the Org Quotas REST API. The key generated from that would pose as something like a tracker for all other keys associated with the org_id. The tracker key would then be updated anytime any of the associated keys with the org id is triggered.

I am not sure if what I said makes sense to you but I can also ask internally for possibilities.

Hi Olu, thanks for the quick reply. Totally makes sense and I tested that. Basically exactly as you said. And it works BUT, unfortunately, it MUST have the org_id associated with the API also, so it makes it impossible for shared APIs between users, as the API MUST have only one org_id. So yes, out of the box with this it is not possible. I am looking at other ways right now that look promising. Testing for now.

Cheers!
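
The "tracker" idea discussed in this thread, as an added Go sketch that is not from any poster and does not use Tyk's plugin API: every key is charged to a counter shared by its organisation, and the limits live in their own map rather than in an API definition. All type names, key names and org names are hypothetical, and the in-process fixed-window counter is an assumption; a gateway running several nodes would need a shared store for the counters.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// OrgLimit allows Rate requests per Per window for one organisation.
type OrgLimit struct {
	Rate int
	Per  time.Duration
}

// OrgLimiter (hypothetical) charges every key to a counter shared by its org.
type OrgLimiter struct {
	mu     sync.Mutex
	keyOrg map[string]string    // API key -> org_id (constructed mapping)
	limits map[string]OrgLimit  // org_id -> limit, kept outside any API definition
	start  map[string]time.Time // org_id -> start of the current window
	count  map[string]int       // org_id -> requests seen in the current window
}

func NewOrgLimiter(keyOrg map[string]string, limits map[string]OrgLimit) *OrgLimiter {
	return &OrgLimiter{keyOrg: keyOrg, limits: limits,
		start: map[string]time.Time{}, count: map[string]int{}}
}

// Allow charges one request to key's org; unknown keys or orgs fail closed.
func (l *OrgLimiter) Allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	org, known := l.keyOrg[key]
	lim, limited := l.limits[org]
	if !known || !limited {
		return false
	}
	if now.Sub(l.start[org]) >= lim.Per { // window expired: reset the shared counter
		l.start[org], l.count[org] = now, 0
	}
	l.count[org]++
	return l.count[org] <= lim.Rate
}

func main() {
	l := NewOrgLimiter(map[string]string{"a-dev1": "partnerA", "a-dev2": "partnerA"},
		map[string]OrgLimit{"partnerA": {Rate: 2, Per: time.Second}})
	fmt.Println(l.Allow("a-dev1", time.Now()), l.Allow("a-dev2", time.Now()), l.Allow("a-dev1", time.Now()))
}
```

Because the counter is keyed by org_id and not by API, the same API can be called by keys from different organisations and each organisation still draws only on its own allowance.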