How to implement rate limiting in API gateway per user?

0

Hi, if I am understanding correctly, the throttling limit in an API Gateway stage is for the endpoint. So, a limit of 100 requests per sec will mean the endpoint will only respond to the first 100 requests from anyone accessing it and will throw an error after the 10 requests. What I need is to restrict the endpoint to have only 5 requests per second per user and no overall quota limit for the endpoint. So how can I implement it?

1 Answer
0

You can rate limit per client (user) in API Gateway using Usage Plans with API Keys. The options are described in this document, page 9 (PDF page 12):

https://d1.awsstatic.com/whitepapers/api-gateway-security.pdf

This developer guide describes setting it up in the AWS Console:

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-usage-plans-with-console.html

Please note, there are two options for API Keys. First, your API consumers can pass in the API Key you share with them in the X-API-Key header. The second option is to use a Lambda authorizer to return the API key as part of the authorization response.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-key-source.html

answered 1 year ago
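
The second option in the answer above (a Lambda authorizer that returns the API key) can look like the following. This is an added example, not code from the answer or from AWS. It assumes the API key source is set to AUTHORIZER and that each key belongs to a usage plan throttled at 5 requests per second; the token format, `SIGNING_SECRET` and `API_KEY_BY_USER` are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values (assumptions): a real deployment would load the
# secret from a secrets store and the user-to-key mapping from a datastore.
SIGNING_SECRET = b"constructed-demo-secret"
API_KEY_BY_USER = {
    "alice": "constructed-api-key-alice-0001",
    "bob": "constructed-api-key-bob-0002",
}


def _mac(user_id):
    return hmac.new(SIGNING_SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def sign(user_id):
    """Issue a demo bearer token of the form '<user>.<hex HMAC-SHA256>'."""
    return f"{user_id}.{_mac(user_id)}"


def authenticate(token):
    """Return the user id if the token's MAC verifies, else None."""
    user_id, sep, mac = token.rpartition(".")
    if not sep or not user_id:
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None


def handler(event, context):
    """TOKEN authorizer: authenticate, then hand API Gateway the caller's key."""
    token = event.get("authorizationToken", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    user_id = authenticate(token.strip())
    api_key = API_KEY_BY_USER.get(user_id) if user_id else None
    if api_key is None:
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    statement = {"Action": "execute-api:Invoke", "Effect": "Allow",
                 "Resource": event["methodArn"]}
    return {
        "principalId": user_id,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
        # Read by API Gateway when the key source is AUTHORIZER; the usage
        # plan attached to this key supplies the per-user throttle.
        "usageIdentifierKey": api_key,
    }
```

Because the key is chosen server-side from the authenticated identity, a caller cannot switch to another user's throttle bucket by sending a different `X-API-Key` header.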
