If you have API consumers who identify with keys from a particular collection, use these options to control access and usage of your API.

  • User quota settings determine the maximum number of requests that API consumers can send to your API within a specific time period. When the quota limit is reached, ​Akamai​ edge servers stop forwarding requests to your origin server. The traffic returns to normal after the quota reset. Use the Generate a report operation to create quota reports that help you learn about the quota usage in your key collections.
  • API throttling lets you specify counters that limit the incoming API traffic. Throttling counters increase whenever an incoming request meets their corresponding throttling conditions. These conditions can either be API keys or ACL entries such as API endpoints, resources, or HTTP methods.
  • Access control lists (ACLs) provide information about endpoints and resources accessible to API consumers.

User quotas and API throttling limit the number of requests API consumers can send to your API within a specific time period. This table shows the main differences between these features:

User quota

API throttling

You can only associate a quota with a key collection. The quota limit increases whenever API consumers include API keys from that key collection in requests to your registered APIs.

You can associate a throttling counter with a condition, such as an API key, any HTTP method, API resource, or API endpoint. Depending on your configuration, a throttling counter may increase whenever an incoming request meets a condition, or any combination of conditions.

You can schedule a quota window for durations ranging from one hour to one month.

The time period for API throttling always equals one second.

Once a quota is full, it requires an automatic or manual reset to allow any subsequent requests with a given API key.

Throttling doesn’t require a reset. It operates based on a moving average. If a throttling counter reaches its limit, an API consumer needs to wait five seconds before making another request.