It is possible to force API quota and rate limit across all keys that belong to a specific organisation ID?
I took this sentence from the official doc but I can’t find any example on how to do it. This is similar to this post Share quota for multiple API KEYS.
@Olu could you help me with this? Thanks
Yes, it is possible.
You can achieve this using policies.
For more details about this, here is a guide – > Security Policy
And here is an example of a Policy – > Policies Guide
Let us know if you need more help. Thank you
Hi @Michael.m , thanks for you reply.
We’ve already check the doc you are referring to us and honestly I don’t know how we can share quota among multiple keys after reading it. I think the doc here: Security Policy and here: Policies Guide doesn’t mention anything about what we are trying to achieve.
Hi, is it possible to have a better example in the doc? I tried what is on the doc but it doesn’t work. At this point, I don’t know if it’s a but, if the doc is not clear or if I’m not understanding. Could please you point me to an example configuration? Thanks
Hi @Leobel_Izquierdo and @javiertc
The steps to implement it would be like below;
First, generate a token to handle the group quota.
Then generate the client tokens (mobile, web etc).
Next, add the group token as metadata to each client token.
Create a “dynamic” api that uses an advanced url rewrite(Looping) to take a “target”, and “path” querystring or header variable and uses those to build the rewrite. This makes the cost of another call minimal.
Each api that needs to handle the group quota needs to:
Replace the auth header with the group key, redirect the request using a URL rewrite(looping) to the “dynamic” api with the correct target and path variables.
The request will be authorized in trip 1, but the quota only applied to the group token in trip 2. Essentially providing a “grouped” quota.
Thank you once again.