Attach the Rate Limiting Policy

So far, you know how to configure an Application and an API so that your APISIX instance behaves as you expect. This section extends the API with the Rate Limiting Policy. Rate limiting protects your API from being overwhelmed by a large number of requests.

Enter the JSON API detail page and click on the Add Policy button (wrapped by the black ellipse). API7 Cloud will open a popup window to add a new policy.

Configure Rate Limiting Policy

Let's select the Rate Limiting policy and fill out the form. In this case, we configure:

  1. A data plane instance only accepts five requests in a minute (for the JSON API);
  2. If the number of requests exceeds the limit, the data plane instance rejects the requests with the 429 status code, and the response body will be "Too many requests".

Save the settings, and now let's try to verify the Rate Limiting Policy.

Again, we'll use curl for the verification. This time we'll send requests continuously.

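# Replace <application-host> and <json-api-url> with your Application's host and the JSON API's URL.
for ((i=0; i<6; i++)); do
  curl -H 'Host: <application-host>' -s -o /dev/null -w 'status code: %{http_code}\n' '<json-api-url>'
done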

The output will be:

status code: 200
status code: 200
status code: 200
status code: 200
status code: 200
status code: 429

As you can see, we sent 6 requests in a minute. The first 5 requests responded with a 200 status code, and the last one responded with the expected 429, but what about the response body? Let's send a separate request with the command below.

curl -H 'Host: <application-host>' -s '<json-api-url>'

You'll see {"error_msg":"Too many requests"} printed on the screen.


Apache APISIX wraps the error message in a JSON string.


The throttling quota might have already reset when you run the above command. Try a few times if you don't see this output.
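The behaviour verified above, including the quota reset, as an added example that is not code from API7 Cloud or Apache APISIX. It assumes the policy acts as a fixed-window counter (the page does not say which algorithm the data plane uses); `FixedWindowLimiter`, `run` and the arrival times are hypothetical names and constructed inputs.

```python
import json


class FixedWindowLimiter:
    """Fixed-window counter for one data plane instance (assumed algorithm)."""

    def __init__(self, count=5, window=60, code=429, msg="Too many requests"):
        self.count = count          # requests allowed per window
        self.window = window        # window length in seconds
        self.code = code            # status code for rejected requests
        self.msg = msg              # message configured in the policy form
        self.window_start = None    # time of the first request in the window
        self.used = 0               # requests counted in the current window

    def handle(self, now):
        """Return (status_code, body) for a request arriving at `now` seconds."""
        # Open a fresh window when none exists or the current one has expired.
        if self.window_start is None or now - self.window_start >= self.window:
            self.window_start = now
            self.used = 0
        if self.used >= self.count:
            # The rejection message is wrapped in JSON, as in the page's output.
            body = json.dumps({"error_msg": self.msg}, separators=(",", ":"))
            return self.code, body
        self.used += 1
        return 200, "upstream response"  # placeholder body for an allowed request


def run(times):
    """Replay constructed arrival times through one limiter; return status codes."""
    limiter = FixedWindowLimiter()
    return [limiter.handle(t)[0] for t in times]


if __name__ == "__main__":
    # Six back-to-back requests, as in the curl loop: the sixth is rejected.
    print(run([0, 1, 2, 3, 4, 5]))
    # A request sent after the window has expired is accepted again (quota reset).
    print(run([0, 1, 2, 3, 4, 5, 61]))
    # Under the fixed-window assumption the limit is per window, not per rolling
    # minute: requests on both sides of a window boundary are all accepted.
    print(run([0, 56, 57, 58, 59, 60, 61, 62, 63, 64]))
```

When sizing the limit for a backend, treat five per minute as a per-window budget; if the boundary case matters, confirm the actual algorithm against the data plane.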

Congratulations, you've mastered using Rate Limiting Policy in your API.