Rate Limiting - Not working for Individual API's attached to a key

Hi Everyone,

I’m trying to validate the rate limiting capability in Tyk Community Edition. I have tested the scenarios below:

  1. Defined the Global rate limit in API Definition in an API. It works as expected and allows 10 calls per 5 sec.
    "global_rate_limit": {
      "rate": 10,
      "per": 5
    }

  2. Defined a rate limit for a key and tested an API. As per the config below, 5 calls to the StoreInfoService API should be allowed for this key every 10s. While testing I observed that after 5 valid calls, the 6th call started failing with 429, but after 10s the counter has to reset and accept 5 calls again, and that is not happening.

    {
      "last_check": 0,
      "allowance": 5,
      "rate": 5,
      "per": 10,
      "throttle_interval": 0,
      "throttle_retry_limit": 0,
      "max_query_depth": 0,
      "date_created": "2021-04-15T11:22:02.699679822Z",
      "expires": -1,
      "quota_max": -1,
      "quota_renews": 1618485782,
      "quota_remaining": -1,
      "quota_renewal_rate": 60,
      "access_rights": {
        "ZGVmYXVsdC9zdG9yZWluZm9zZXJ2aWNl": {
          "api_name": "storeinfoservice",
          "api_id": "ZGVmYXVsdC9zdG9yZWluZm9zZXJ2aWNl",
          "versions": [
            "Default"
          ],
          "allowed_urls": null,
          "restricted_types": null,
          "allowance_scope": ""
        }
      },
      "org_id": "oss",
      "oauth_client_id": "",
      "oauth_keys": null,
      "certificate": "",
      "basic_auth_data": {
        "password": "",
        "hash_type": ""
      },
      "jwt_data": {
        "secret": ""
      },
      "hmac_enabled": false,
      "enable_http_signature_validation": false,
      "hmac_string": "",
      "rsa_certificate_id": "",
      "is_inactive": false,
      "apply_policy_id": "",
      "apply_policies": null,
      "data_expires": 0,
      "monitor": {
        "trigger_limits": null
      },
      "enable_detail_recording": false,
      "enable_detailed_recording": false,
      "meta_data": {},
      "tags": [],
      "alias": "",
      "last_updated": "1618485722",
      "id_extractor_deadline": 0,
      "session_lifetime": 0
    }

  3. One key has a subscription to 2 APIs. I added a limit for each API as below. So basically the key should have 2 different rate limits enabled, one for each API. But it is not working as expected. If I try to trigger parallel calls to both APIs, then whatever limit is defined for each API for that key should get applied, but it's not happening. Please correct me if my understanding is wrong.

    {
      "last_check": 0,
      "allowance": -1,
      "rate": -1,
      "per": -1,
      "throttle_interval": 0,
      "throttle_retry_limit": 0,
      "max_query_depth": 0,
      "date_created": "2021-04-15T11:22:02.699679822Z",
      "expires": -1,
      "quota_max": -1,
      "quota_renews": 1618485782,
      "quota_remaining": -1,
      "quota_renewal_rate": 60,
      "access_rights": {
        "ZGVmYXVsdC9zdG9yZWluZm9zZXJ2aWNl": {
          "api_name": "storeinfoservice",
          "api_id": "ZGVmYXVsdC9zdG9yZWluZm9zZXJ2aWNl",
          "versions": [
            "Default"
          ],
          "allowed_urls": null,
          "restricted_types": null,
          "limit": {
            "per": 10,
            "rate": 2
          },
          "allowance_scope": ""
        },
        "dHlrL3R5ay1zdG9yZWFkcy1pbmdyZXNzLWJkZTc3ZjNjZg": {
          "api_name": "tyk-storeads-ingress-bde77f3cf",
          "api_id": "dHlrL3R5ay1zdG9yZWFkcy1pbmdyZXNzLWJkZTc3ZjNjZg",
          "versions": [
            "Default"
          ],
          "allowed_urls": null,
          "restricted_types": null,
          "limit": {
            "per": 15,
            "rate": 5
          },
          "allowance_scope": ""
        }
      },
      "org_id": "oss",
      "oauth_client_id": "",
      "oauth_keys": null,
      "certificate": "",
      "basic_auth_data": {
        "password": "",
        "hash_type": ""
      },
      "jwt_data": {
        "secret": ""
      },
      "hmac_enabled": false,
      "enable_http_signature_validation": false,
      "hmac_string": "",
      "rsa_certificate_id": "",
      "is_inactive": false,
      "apply_policy_id": "",
      "apply_policies": null,
      "data_expires": 0,
      "monitor": {
        "trigger_limits": null
      },
      "enable_detail_recording": false,
      "enable_detailed_recording": false,
      "meta_data": {},
      "tags": [],
      "alias": "",
      "last_updated": "1618485722",
      "id_extractor_deadline": 0,
      "session_lifetime": 0
    }

  4. Also, the key has a global rate limit property. If an API-level rate limit is defined as in point 3, is the global rate limit of the key still valid?

  5. I’m testing with one gateway. If I increase the gateway count through a replicaset to 5, will distributed rate limiting happen between all 5 gateways? I mean all gateways combined should allow 10 calls per 5 sec. Is this the default behaviour of Tyk, and is it supported in the Community Edition?

Hey @SaravananPeriyasamy thanks for posting to the community.

I’m going to dig through your questions (and thanks for all the detail BTW :wink: ) and see if I can replicate the behaviour. I’ll get back to you as soon as I can.

cheers, Gregor

Thanks @Gregor for working on this request. Let me know once you have updates.