User quota

User quota settings determine the maximum number of requests that API consumers can send to your APIs within a defined time period.

You set the user quota limit at the key collection level and apply the settings to all keys included in the collection. As long as an API key has a remaining quota, API consumers can use the key to access your endpoints and resources. When a key's quota reaches its limit, edge servers stop forwarding the requests made with the key to your origin server. The key regains its full quota after either the scheduled automatic quota reset, or after a manual reset. For information on the manual quota reset for individual keys, see Reset key quota.

Staging and production environments have the same quota counters for API keys. This means that when you make test requests with an API key in the staging environment, you also increase the key's quota counter in the production environment. To ensure that your activity in the staging environment does not influence the production quota, create and use separate API keys for testing purposes.

Quota headers

You can provide details about a key's current quota status to the clients that send requests to your API. The details are passed via the quota limit response headers and include:

Header

Description

Sample value

X-RateLimit-Limit

The request limit per specified unit of time.

100

X-RateLimit-Remaining

The remaining number of requests that API consumers can send in the current time window.

75

X-RateLimit-Reset

The UTC epoch timestamp indicating the time of the next quota reset. Sent only when quota remains.

1521214822

X-RateLimit-Next

The UTC epoch timestamp indicating the time of the next quota reset. Sent only when quota is full.

1521215291

At any time, you can change the collection-level quota settings, including allowed requests per time unit and headers, by editing the information included in the Quota settings section.

Configure quota settings

You can set a user quota limit, which is the maximum number of requests that your API can respond to within a specific time period, for keys included in a key collection. When the quota reaches its limit, edge servers stop forwarding traffic to your origin server until the quota resets. You can also decide whether to send quota limit headers in response to API requests.

📘

API

You can also complete this task by using the Keys and Traffic Management API. Run the Edit quota settings operation.

  1. In API Keys and Traffic Management, from the Key collections list on the left, select the collection you want to set a user quota limit for.

  2. In the collection panel, click pencil iconpencil icon next to Quota settings.

  3. In the Edit quota settings window, set the Enable quota switch to Yes.
    Additional fields appear.

  4. In the Each key is allowed area:

    a. In the text field, enter the maximum number of requests each key in the collection can successfully make, in the 100 – 1000000000 range.

    📘

    Staging and production environments have the same quota counters for API keys.

    b. From the drop-down menu, select the time period for the quota limit.
    The drop-down menu determines how often the system should reset the quota. The times of the quota reset are fixed and you cannot change them. The following table lists the values available and their corresponding fixed reset times in the UTC time format.

Value

Reset time

Hour

The start of each hour, XX:00:00 UTC

6 Hours

00:00:00 UTC, 06:00:00 UTC, 12:00:00 UTC, 18:00:00 UTC

12 Hours

00:00:00 UTC, 12:00:00 UTC

Day

00:00:00 UTC

Week

The start of each week (Monday), 00:00:00 UTC

Month

The start of each month, 00:00:00 UTC

  1. Optional: In the Quota headers section, select the response headers to return when the quota remains or when the quota is at its limit.

  2. To confirm the changes, click Update quota.


Did this page help you?