Create a rate limit policy for a specific managed API. The rate limit policy controls the number of times API consumers can invoke the API during a designated time period.
The API-specific rate limit overrides the organizational rate limit policy. For example, if the organizational rate limit is 10 invocations per second, and the API-specific rate limit is 20 invocations per second, API Manager rejects attempts to access the API after the 20 invocations per second limit is reached.
If a rate limit policy is not defined for a managed API, or if the API-specific rate limit policy is disabled, API Manager applies the organizational rate limit policy to the API.
When an API consumer attempts to access a managed API and access is denied due to a rate limit policy, the HTTP response includes a
429 Too Many Requests
status code and the description
API rate limit reached
. API Manager logs an access exception in the event log. For more information about the event log, see