API throttling vs. user quota

API throttling is similar to another API Gateway feature called user quota. Both features limit the number of requests an API consumer can send to your API within a specific time period. The comparison below summarizes the main differences between user quota and API throttling.

Association

User quota: You can associate a quota only with a key collection. The quota count increases whenever API consumers include API keys from that key collection in requests to your registered APIs.

API throttling: You can associate a throttling counter with the following conditions:
  • API key
  • HTTP method (GET, POST, PUT, HEAD, PATCH, OPTIONS, DELETE)
  • API resource
  • API endpoint
Depending on your configuration, a throttling counter may increase whenever an incoming request meets any one of these conditions or a combination of them.

Time period

User quota: You can schedule a quota window for the following time periods:
  • 1 hour
  • 6 hours
  • 12 hours
  • 1 day
  • 1 week
  • 1 month

API throttling: The time period for API throttling is always one second.

Reset

User quota: Once a quota is full, it requires an automatic or manual reset before any subsequent requests with a given API key are allowed.

API throttling: Throttling does not require a reset. It operates on a moving average. If a throttling counter reaches its limit, the API consumer waits a maximum of 5 seconds before being able to make requests again.
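
The difference in reset behavior described above can be illustrated with a minimal Python sketch. It is not API Gateway's implementation: the class names QuotaCounter and SlidingWindowThrottle are hypothetical, and a simple one-second sliding window stands in for the moving average, whose exact algorithm is not described here.

```python
from collections import deque


class QuotaCounter:
    """Hypothetical quota counter: once full, it stays full until reset()."""

    def __init__(self, limit):
        self.limit = limit
        self.count = 0

    def allow(self):
        if self.count >= self.limit:
            return False  # full: blocked until an automatic or manual reset
        self.count += 1
        return True

    def reset(self):
        self.count = 0


class SlidingWindowThrottle:
    """Hypothetical per-second limiter that recovers as old requests age out.

    Assumption: a sliding window approximates the moving average.
    """

    WINDOW_SECONDS = 1.0

    def __init__(self, limit):
        self.limit = limit
        self.timestamps = deque()

    def allow(self, now):
        # Forget requests that fall outside the one-second window.
        while self.timestamps and now - self.timestamps[0] >= self.WINDOW_SECONDS:
            self.timestamps.popleft()
        if len(self.timestamps) >= self.limit:
            return False
        self.timestamps.append(now)
        return True


quota = QuotaCounter(limit=2)
quota_results = [quota.allow() for _ in range(3)]  # third request is rejected
quota.reset()
quota_after_reset = quota.allow()  # allowed again only because of the reset

throttle = SlidingWindowThrottle(limit=2)
# Timestamps are passed in explicitly so the example is deterministic.
throttle_results = [throttle.allow(now=t) for t in (0.0, 0.1, 0.2, 1.05)]
```

In this sketch the quota counter keeps rejecting requests until reset() is called, while the throttle starts accepting requests again on its own once earlier requests are more than one second old.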

When you configure both quota and throttling for a given API key, API Gateway applies the throttling conditions first. Then, depending on whether the request was successful, it increases the quota count for that API key.
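
The ordering described above can be sketched as follows. This is an illustration under stated assumptions, not API Gateway's code: handle_request and its parameters are hypothetical, and "successful" is taken here to mean that the request passed the throttling check.

```python
def handle_request(api_key, throttle_ok, quota_counts, quota_limit):
    """Return the outcome of one request; throttling is evaluated before quota.

    throttle_ok is the (hypothetical) result of the throttling check, and
    quota_counts maps each API key to the number of requests counted so far.
    """
    if not throttle_ok:
        return "throttled"  # rejected early: the quota count is left untouched
    used = quota_counts.get(api_key, 0)
    if used >= quota_limit:
        return "quota_exceeded"
    quota_counts[api_key] = used + 1
    return "ok"


counts = {}
outcomes = [
    handle_request("key-1", ok, counts, quota_limit=2)
    for ok in (True, False, True, True)
]
```

The throttled request in the second position does not consume quota, so the quota is only exhausted by the fourth request.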

To learn more about quota, see User quota.