How to set Throttling policies for your API for Health
If you offer your service or API for Health to third parties, are considering doing so, or want to subscribe to Health APIs to integrate them easily into your software, there is a very important feature in Nubentos that will interest you. Specifically, our platform detects and rejects requests that do not follow the traffic control policies defined for your API. In this article we explain how to set Throttling policies for your Health API.
What is a Throttling policy?
Throttling policies allow you to limit the number of valid requests in a certain period of time.
You can also set the bandwidth limit, instead of the number of requests, for example when there are files involved in the API request.
As an API provider, these controls allow you to guarantee the stability and continuity of your service. Nubentos manages them for you, and your servers do not notice.
As an API consumer, these controls allow you to keep development costs under control.
Some of the situations in which you may want to establish these limits are:
- Protect your API against certain known cyber attacks, such as denial of service (DoS) attacks.
- Regulate the traffic you receive according to the capacity offered by the available infrastructure.
- Make your service or API available to your customers at different levels of consumption, as part of your monetization strategy.
What Throttling limits can you set?
Nubentos allows you to set Throttling limits at several levels:
- Subscription, limiting the number of requests allowed for the API subscriber in a certain period of time.
- Application, on the consumer side of the API, limiting the number of requests allowed to all APIs subscribed in the application, in a certain period of time.
- API, limiting the number of requests allowed in a certain period of time.
- Resource, limiting the number of requests allowed to each API resource in a certain period of time.
In addition, we can establish a control to avoid bursts of requests highly concentrated in brief periods of time, usually a second. These traffic peaks are dangerous for the stability of the service and can be a symptom of improper use that must be blocked.
An example will help to understand all these controls.
Suppose an API that has an established limit of 1000 requests per minute and no limits at the resource level.
Two users subscribe to the API using the same application, App1.
Both decide to subscribe to the Gold level, which establishes a consumption limit of 20 requests per minute.
The App1 application also sets a limit per token of 20 requests per minute.
When both users are consuming the API, they will be within the overall limit of the API (1000 requests per minute).
But the App1 application that both share sets a limit of 20 requests per minute, so when both users reach that number of requests, they will not be able to send more even if they have not consumed the limit of their respective subscriptions at the Gold level.
In the next minute all the counters return to zero.
In this way, the traffic received by the API at different levels of the transaction can be controlled.
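The example above can be reproduced with a small simulation. This is an added illustration, not Nubentos code: the class, the key layout and the rule that only accepted requests consume quota are assumptions, and fixed one-minute windows are used because the example says all counters return to zero in the next minute.

```python
from collections import defaultdict

WINDOW_SECONDS = 60  # every limit in the article's example is per minute

# Limits taken from the article's example; names and layout are assumptions.
LIMITS = {
    "api": 1000,         # whole API
    "application": 20,   # App1 per-token quota
    "subscription": 20,  # Gold level, per subscriber
}


class MultiLevelThrottle:
    """Fixed-window counters checked at every level for each request."""

    def __init__(self, limits, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.counters = defaultdict(int)  # (level, key, window index) -> count

    def _keys(self, user, app, api, now):
        slot = int(now // self.window)
        return {
            "api": ("api", api, slot),
            "application": ("application", app, slot),
            "subscription": ("subscription", (user, api), slot),
        }

    def allow(self, user, app, api, now):
        """Return (accepted, name of the level that rejected, or None)."""
        keys = self._keys(user, app, api, now)
        for level, key in keys.items():
            if self.counters[key] >= self.limits[level]:
                return False, level
        # Assumption: only accepted requests consume quota.
        for key in keys.values():
            self.counters[key] += 1
        return True, None


def simulate():
    """Two Gold subscribers share App1 and alternate 15 requests each."""
    throttle = MultiLevelThrottle(LIMITS)
    results = []
    for i in range(30):  # timestamps 0..29 s, all inside the same minute
        user = "user1" if i % 2 == 0 else "user2"
        results.append((user, *throttle.allow(user, "App1", "HealthAPI", now=i)))
    # First request of the following minute: every counter starts from zero.
    next_minute = throttle.allow("user1", "App1", "HealthAPI", now=60)
    return results, next_minute
```

Each user gets 10 requests through before the shared App1 quota is exhausted, so the rejections come from the application level while both Gold subscriptions still have half their quota left.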
Let’s see each one with a little more detail.
Throttling at the Subscription level
For the API Provider
When you publish your API in Nubentos, you must select which of the defined subscription plans you will offer to the possible subscribers of your API.
The configuration of these subscription plans is done by the Nubentos team, following the instructions provided by each API provider.
These consumption segments usually implement the monetization strategy of your API, whose definition is an important step in the management of the API by the provider.
The consumption thresholds that define these subscription levels establish Throttling limits that affect each subscriber of each API.
When these subscription levels are defined, the controls for bursts of requests that can pose a risk to the stability of the service are also established. For example, you can set a burst limit of 5 requests per second. Any request beyond the fifth in that same second will be rejected as erroneous.
Observe how this type of control allows you to “distribute” the traffic evenly over time.
For the API Consumer
When an API Store user subscribes to the API, he/she selects the level of consumption that best suits his/her use cases, number of end users, etc. From the subscriber’s side, it is a way to optimize development costs, by adjusting them to the actual use that the API will have in your software product.
The API Consumer can set another Throttling limit, at the application level. And what is an application in Nubentos? It is a logical entity that serves to organize the different subscriptions to APIs and share the same authorization tokens among them.
If a company subscribes to several APIs, or at different consumption levels of the same API, it can do so under the same application or in different applications.
The developer can define an additional limit at the application level, called Per Token Quota, which determines the maximum number of requests accumulated among all the subscriptions under that application, in a certain period of time.
When you publish the API, a process that by the way is much faster than you think, you can also set advanced Throttling limits.
In particular, you can set a request limit for the complete API, which counts all the requests to all of its resources, or a limit for each resource of the API, which counts only the requests to that resource.
These advanced Throttling parameters are defined by the API provider during its publication.
There are more options for advanced Throttling, such as whitelists and blacklists of IPs, users, applications, etc. But we will talk about them in future posts.
In this post we have made a quick tour through the different options available in Nubentos so that your APIs for Health, or your subscriptions to APIs for Health, distribute your requests in time in a balanced and safe way.
As an API provider, your servers will be better protected, and Nubentos analytics will allow you to detect situations that call for decisions about the management of your resources.
As an API consumer, you can monitor the use your software products make of your subscriptions and optimize your development costs.
And remember that, in both cases, all these facilities and tools are available to you at no cost.