Oracle API Platform Cloud Service: Configuring Rate-Limiting, Header Validation, and Resource-Based Routing Policies

You can use an API Rate Limiting policy to control how many requests are routed to the Energy API during a given period of time.

1. On the API Implementation tab of the Energy API page, in the Available Policies panel, expand Traffic Management, hold the cursor over API Rate Limiting, and click Apply.

   

2. On the Apply Policy page, click Next.

   

3. On the Apply Policy page, enter 3 in the API Rate Limit field, select Minute from the Time Interval list, and then click Apply.

   

   The API Rate Limiting policy appears on the Request tab of the API Implementation panel.

   

4. On the APIs page, click Save Changes.

   

After you add the API rate-limiting policy to the Energy API, you must redeploy the API to activate the policy.

1. On the Deployments tab, hold the cursor over the gateway name where the API is deployed, and then click Redeploy.

   

2. On the Redeploy menu, click Latest Iteration.

   

3. On the Deployment page, enter a comment about the reason to redeploy, and click Yes.

   

4. On the Deployments tab, wait until the deployment is complete before testing your API.

   

   Note: If the deployment isn't moved from the Waiting tab to the Deployed tab, then try refreshing the page.

   The Waiting tab is automatically updated when the API is deployed, and the date is updated with a new deployment date.

   

After the redeployment is complete, the API applies the API rate-limiting policy to the incoming requests.

1. Build your API URL using this format:

   http://hostname.domain:port/api_endpoint_url/resource_path

2. Open the Postman client, select the GET method, enter the API URL, and then click Send.

   

3. Repeat Step 2 more than three times in less than a minute to trigger the API rate-limiting policy.

4. On the Body tab, verify that after the third execution, the API rate-limiting policy is triggered.

   

Header validation policies are used to enforce the presence of values in the HTTP headers of the incoming requests. You use them to determine the API behavior by choosing the options to either reject or pass the requests under certain conditions.

1. On the API Implementation tab of the Energy API page, in the Available Policies panel, expand Interface Management, hold the cursor over Header Validation, and click Apply.

   

2. On the Apply Policy page, select API Rate Limiting from the Place after the following policy list, and then click Next.

   

3. On the Apply Policy page, enter or select the following values, and then click Apply:

   • Action: PASS
   • Conditions: ANY
   • Name: tenant-id
   • Operator: >=
   • Value: 1

   

   The Header Validation policy appears on the Request tab of the API Implementation panel.

   

4. On the APIs page, click Save Changes.

   

After you add the header validation policy to the Energy API, you must redeploy the API to activate the policy.

1. On the Deployments tab, hold the cursor over the gateway name where the API is deployed, and then click Redeploy.

   

2. On the Redeploy menu, click Latest Iteration.

   

3. On the Deployment page, enter a comment about the reason to redeploy, and click Yes.

   

4. On the Deployments tab, wait until the deployment is complete before testing your API.

   

   Note: If the deployment isn't moved from the Waiting tab to the Deployed tab, then try refreshing the page.

   The Waiting tab is automatically updated when the API is deployed, and the date is updated with a new deployment date.

   

After the redeployment is complete, the API applies the header validation policy to the incoming requests.

1. Build your API URL using this format:

   http://hostname.domain:port/api_endpoint_url/resource_path

2. Open the Postman client, select the GET method, enter the API URL, and then click Send.

   

   The API response displays an error message because the header validation policy didn't find the required header values.

   

3. In the Postman client, enter tenant-id in the key field, enter 0 in the value field, and then click Send.

   

   The API response displays an error message because the header validation policy didn't allow the request with the sent header values.

   

4. In the Postman client, enter tenant-id in the key field, enter 1 in the value field, and then click Send.

   

   The API response displays the expected result in JSON format.

   

Resource-based routing policies are used to route the incoming requests to specific resource paths to different service response URLs. This policy allows you to combine two back-end services that return different implementation results.

1. On the API Implementation tab of the Energy API page, in the Available Policies panel, expand Routing, hold the cursor over Resource Based Routing, and click Apply.

   

2. On the Apply Policy page, select Header Validation from the Place after the following policy list, and then click Next.

   

3. On the Apply Policy page, enter or select the following values, and then click Apply:

   • Resource Path(s): *estimate*
   • Set Service Request URL To: your_own_estimate_api_implementation
   • Otherwise: Keep Default Service Request URL


   

   Note: If you don't have your own implementation of the estimate API, then use this service request URL as an example: http://private-333802-estimate.apiary-mock.com.

   The resource-based routing policy appears on the Request tab of the API Implementation panel.

   

4. On the APIs page, click Save Changes.

   

After you add the resource-based routing policy to the Energy API, you must redeploy the API to activate the policy.

1. On the Deployments tab, hold the cursor over the gateway name where the API is deployed, and then click Redeploy.

   

2. On the Redeploy menu, click Latest Iteration.

   

3. On the Deployment page, enter a comment about the reason to redeploy, and click Yes.

   

4. On the Deployments tab, wait until the deployment is complete before testing your API.

   

   Note: If the deployment isn't moved from the Waiting tab to the Deployed tab, then try refreshing the page.

   The Waiting tab is automatically updated when the API is deployed, and the date is updated with a new deployment date.

   

After the redeployment is complete, the API applies the resource-based routing policy to the incoming requests.

1. Build your API URL using this format:

   http://hostname.domain:port/api_endpoint_url/resource_path

2. Open the Postman client, select the GET method, enter the estimate API URL, and then click Send.

   

   Note: The URL must point to the estimate API, and the tenant-id key/value pair must be included if the header validation policy is still applied.

3. On the Body tab, verify that the response is from the estimate API.