API throttling (beta)

The API throttling feature available in the API Keys and Traffic Management app lets you define throttling counters to limit incoming API traffic on a per second basis. This ensures that every API consumer can have a high-quality experience when interacting with your API and prevents API consumers from dominating the capacity of your backend API infrastructure.

A single API consumer sending more than a thousand requests to your API within one second could negatively impact the experience of other API consumers. For example, your API could respond slowly to their requests or not send a response at all. API throttling ensures such problems do not occur by rejecting excessive requests before they reach your API server.

Other advantages of API throttling include:

  • Preventing system outages as a result of extreme spikes in traffic.
  • Protecting against excessive automated API calls by limiting the incoming requests rate to a value you consider typical for real-user traffic.
    Note: To deal with this specific use case efficiently, Akamai recommends the Cloud Security products in tandem with API Gateway. To learn more, see the Cloud Security documentation page.

To throttle your API traffic, you create throttling counters that increment based on the incoming requests to your APIs. A throttling counter is an object composed of a set of conditions that, when matched by an incoming client request, cause the counter to increase. For each counter, you define a limit of allowed requests per second, and if that limit is reached, the edge server will reject any subsequent requests that match the counter’s associated conditions. A throttling counter operates based on a moving average of received requests during the last 5 seconds. If the average decreases below the specified requests-per-second limit, API consumers regain the capability to make requests that match the counter’s associated conditions.