You can configure a rate limit policy for a managed API. The rate limit policy controls the number of times API consumers can invoke the API during a designated time period.
The API-specific rate limit overrides the organizational rate limit policy. For example, if the organizational rate limit is 10 invocations per second, and the API-specific rate limit is 20 invocations per second,
rejects attempts to access the API after the 20 invocations per second limit is reached. The maximal rate limit that you can define is 3000 requests per minute.
If a rate limit policy is not enabled for a managed API,
applies the organizational rate limit policy to the API.
When an API consumer attempts to access a managed API and access is denied due to a rate limit policy, the HTTP response includes a
429 Too Many Requests
status code and the description
API rate limit reached
logs an access exception in the event log. For more information about the event log, see