WSO2 APIM Gateway Flow & Rate Limiting Flow
So, what happens when an API is called to WSO2 API Gateway? And how does that different levels of throttling polices are applied? These are the most common questions with respect to API Gateway & API Security. Let's see the details step by step- When An Api is called with Token Image Credits: WSO2 Gateway Checks if --> API Proxy exists API Proxy Checks for --> Resource exists or not Token validation by KM and acknowledge to --> Gateway (Gateway itself validates in case of JWT) Gateway Calls --> TM(traffic manager) to publish invocation data asynchronously. Traffic Manager --> Enforces throttling policies Gateway to execute--> any custom mediation extensions Gateway publishes--> events to analytics server Gateway calls --> to backend The API Rate Limiting Sequence There are different level of rate limiting policies as supported by WSO2 API Manager. Below are the list of policies we can configure for respective APIs- Application level Subscrip