diff --git a/docs/user-guide/api-mediation/configuration-rate-limiter.md b/docs/user-guide/api-mediation/configuration-rate-limiter.md new file mode 100644 index 0000000000..d786c07c2d --- /dev/null +++ b/docs/user-guide/api-mediation/configuration-rate-limiter.md @@ -0,0 +1,37 @@ +# Configuring custom rate limiter + + +The API Gateway offers a way to customize the rate limit per service by introducing a configurable rate limiter. + +It’s essential for the system to prevent individual users from overloading it. +By setting rate limits per user on selected services, this configuration helps ensure that one user's activity doesn’t negatively impact the experience of others, +mitigating the risk of Distributed Denial-of-Service (DDoS) attacks and other automated exploit attempts. + +## Procedure + +1. In the zowe.yaml, set the following rate limiting properties in api/gateway/routing: + + * **rateLimiterCapacity** + Defines the total number of requests that can be allowed at one time per user. + + * **rateLimiterTokens** + Defines the number of requests that are added to the service’s allowance at regular intervals. This property controls how quickly requests are replenished after being consumed. + + * **rateLimiterRefillDuration** + Sets the time interval (in minutes) at which new requests (or tokens) are added. + +2. Define the services to limit: + + Use `servicesToLimitRequestRate` to specify a list of services to limit. In the following example, this property applies to the API Catalog. + +**Example configuration:** +``` + apiml: + gateway: + routing: + rateLimiterCapacity: 20 + rateLimiterTokens: 20 + rateLimiterRefillDuration: 1 + servicesToLimitRequestRate: apicatalog +``` +In simple terms, this rate-limiting configuration allows to control how many requests users can make to specified services and how quickly their request allowance renews, promoting fair access and better overall system stability. 
diff --git a/docs/user-guide/api-mediation/configuration-routing.md b/docs/user-guide/api-mediation/configuration-routing.md index f153cfde01..c62d309b56 100644 --- a/docs/user-guide/api-mediation/configuration-routing.md +++ b/docs/user-guide/api-mediation/configuration-routing.md @@ -25,6 +25,8 @@ The Gateway retry policy, customizable through zowe.yaml, optimizes request hand To customize the Gateway retry policy, see [Customizing Gateway retry policy](./configuration-gateway-retry-policy.md). +To configure a custom rate limiter, see [Configuring custom rate limiter](./configuration-rate-limiter.md). + Additionally, API ML supports specific instance access and load balancer cache distribution, improving service identification and scalability. These configurations, including service ID adjustments for compatibility with Zowe v2, demonstrate Zowe's adaptability and robustness in API management. To configure a unique cookie name for each instance to prevent overwriting of the default cookie name in the case of multiple Zowe instances, or for more complex deployment strategies, see [Configuring a unique cookie name for a specific API ML instance](./configuration-unique-cookie-name-for-multiple-zowe-instances.md).
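Review bot: In configuration-rate-limiter.md, step 1 says to set the properties in `api/gateway/routing`, but the example configuration nests them under `apiml:` / `gateway:` / `routing:`; both should name the same path, written in full as it appears in zowe.yaml. The property descriptions also mix scopes: `rateLimiterCapacity` is "per user" while `rateLimiterTokens` refers to "the service's allowance", so state whether the allowance is tracked per user, per service, or per user per service, and how a user is identified for counting. `servicesToLimitRequestRate` is described as "a list of services" but the example shows only the single value `apicatalog`; show the syntax for more than one service. The introduction credits the feature with mitigating DDoS, yet a per-user limit on selected services bounds one user's request rate and not aggregate traffic from many sources, so the wording should be narrowed to what the limiter actually enforces. The page also does not say what the Gateway returns to the client once the allowance is exhausted. Minor: "allows to control" in the closing sentence should read "lets you control".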
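Review bot: In configuration-routing.md, the added cross-reference line gives the reader no indication of what the rate limiter limits or when it is needed. Suggest extending the sentence to say that the limit applies per user and only to the services listed in `servicesToLimitRequestRate`, so a reader scanning the routing page can tell whether to follow the link. The link text "Configuring custom rate limiter" matches the new page title, but both read better with an article ("Configuring a custom rate limiter"); if the title changes, update it here as well.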