Rate Limiting

What is Rate Limiting?

Rate limiting controls the number of API requests a client can make within a specified time frame. It’s a critical function that helps maintain the performance and availability of web services and APIs by controlling the request traffic.

Why is Rate Limiting important?

Rate Limiting is necessary when using an API gateway for the following reasons:

  • Resource Protection: Ensures that no single user or client can monopolize resources and degrade performance or the experience of other users.
  • Security: Helps protect against certain types of security attacks, like DDoS (Distributed Denial of Service) attacks, by limiting the rate at which requests can be made.
  • Cost Management: Prevents a sharp increase in usage (and therefore cost) caused by either a bug or deliberately heavy usage by a consumer.
  • Quality of Service: Certain user tiers may be given different rate limits to ensure a level of service. For example, premium users may have a higher rate limit than free users.
  • Enforcing API Tiers/Plans: Different pricing plans may have different usage limits.

Rate limits are typically defined on per-second, per-minute, or hourly intervals and are often configurable so they can be finely tuned based on the specific requirements of the system and its users.
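
The per-interval and per-tier limits described above can be sketched as a fixed-window counter. This is an added example, not Kong's implementation or code from these docs; the tier names, the limit values and the `FixedWindowLimiter` class are assumptions made for illustration.

```python
import time
from collections import defaultdict

# Window lengths in seconds for the per-second, per-minute and hourly intervals.
WINDOWS = {"second": 1, "minute": 60, "hour": 3600}

# Hypothetical plans; tier names and limits are illustrative assumptions.
TIER_LIMITS = {
    "free": {"second": 2, "minute": 5},
    "premium": {"second": 10, "minute": 100, "hour": 1000},
}


class FixedWindowLimiter:
    """Per-client fixed-window counters checked against every window of a tier."""

    def __init__(self, tier_limits, clock=time.time):
        self.tier_limits = tier_limits
        self.clock = clock  # injectable so behaviour can be tested deterministically
        # (client_id, window_name, window_index) -> requests counted in that window
        self.counters = defaultdict(int)

    def allow(self, client_id, tier):
        """Return (allowed, retry_after_seconds); count the request only if allowed."""
        now = self.clock()
        keys, retry_after = [], 0.0
        for name, limit in self.tier_limits[tier].items():
            length = WINDOWS[name]
            index = int(now // length)
            key = (client_id, name, index)
            keys.append(key)
            if self.counters.get(key, 0) >= limit:
                # Exhausted window: the client must wait until it rolls over.
                retry_after = max(retry_after, (index + 1) * length - now)
        if retry_after > 0:
            return False, retry_after
        for key in keys:
            self.counters[key] += 1
        self._evict(now)
        return True, 0.0

    def _evict(self, now):
        """Drop counters for windows that have ended so memory stays bounded."""
        stale = [k for k in self.counters if (k[2] + 1) * WINDOWS[k[1]] <= now]
        for key in stale:
            del self.counters[key]
```

A denied request would normally be answered with HTTP 429 and a `Retry-After` header built from the returned wait time. Key the counters on an authenticated identity such as an API key rather than a value the client can change freely, otherwise the per-client limit is easy to sidestep.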
