WSO2 APIM Gateway Flow & Rate Limiting Flow
So, what happens when an API call reaches the WSO2 API Gateway? And how are the different levels of throttling policies applied? These are the most common questions with respect to API Gateway and API security. Let's go through the details step by step.
When an API is called with a token
Image Credits: WSO2
- Gateway checks --> whether the API proxy exists
- API proxy checks --> whether the resource exists
- Token is validated by the KM (Key Manager), which acknowledges to --> Gateway (the Gateway itself validates the token in the case of JWT)
- Gateway calls --> TM (Traffic Manager) to publish invocation data asynchronously
- Traffic Manager --> enforces throttling policies
- Gateway executes --> any custom mediation extensions
- Gateway publishes --> events to the analytics server
- Gateway calls --> the backend
The API Rate Limiting Sequence
WSO2 API Manager supports different levels of rate limiting policies. Below is the list of policies we can configure for the respective APIs:
- Application level
- Subscription level
- Advanced Throttling
- Custom Throttling
- Blocking conditions
The following is the order of precedence in which the throttling policies are applied to a request initiated by a client:
- Client --> Gateway
- Request --> Gateway [ Checks blocking condition ]
- Next --> API Level Policies --> Resource Level Policies
- Next --> Gateway checks for Subscription level throttling
- Next --> Application Level Policies
- Next --> Custom Policies
- Next --> Hard Level Policies [backend supported]
[ API Level ] >>
[ Resource Level ] >>
[ Subscription Level ] >>
[ Application Level ] >>
[ Custom Policies ] >>
[ Hard Level ]
Image Credits: WSO2
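The order of precedence above, as a small added model (not WSO2 code and not from the original post): it reports which level rejects a request first when several quotas apply. The limits, the fields each counter is keyed on, the fixed-window counting and the sample requests are all assumptions made for illustration.

```python
from collections import defaultdict

# Order of precedence as listed on the page, after the blocking-condition check.
ORDER = ["api", "resource", "subscription", "application", "custom", "hard"]

# Assumption of this model: which request fields each level's counter is keyed on.
KEY_FIELDS = {
    "api": ("api",),
    "resource": ("api", "resource"),
    "subscription": ("app", "api"),
    "application": ("app", "user"),
    "custom": ("user",),
    "hard": ("api",),
}

class ThrottleChain:
    def __init__(self, limits, blocked=()):
        self.limits = limits            # level -> max requests per window
        self.blocked = set(blocked)     # (field, value) blocking conditions
        self.counts = defaultdict(int)

    def evaluate(self, req, window):
        """Return 'blocked', the first level whose quota is exhausted, or 'allowed'."""
        if any(req.get(f) == v for f, v in self.blocked):
            return "blocked"
        keys = []
        for level in ORDER:
            if level not in self.limits:
                continue
            key = (level, window) + tuple(req[f] for f in KEY_FIELDS[level])
            if self.counts[key] >= self.limits[level]:
                return level            # earlier levels win; nothing is counted
            keys.append(key)
        for key in keys:                # count only requests that passed every level
            self.counts[key] += 1
        return "allowed"

def demo():
    # Constructed limits and requests (documentation IP ranges).
    chain = ThrottleChain({"resource": 3, "application": 2},
                          blocked={("ip", "198.51.100.9")})
    base = {"api": "orders", "resource": "GET /items", "app": "mobile"}
    alice = dict(base, user="alice", ip="203.0.113.7")
    bob = dict(base, user="bob", ip="203.0.113.8")
    mallory = dict(base, user="mallory", ip="198.51.100.9")
    calls = [alice, alice, alice, bob, bob, alice, mallory]
    return [chain.evaluate(r, window=0) for r in calls] + [chain.evaluate(alice, window=1)]
```

In the sample run, alice's third call is rejected at the application level, but once bob has used up the shared resource quota her next call is rejected at the resource level instead, because that level is checked earlier.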