ratelimit module

With the APIs in the ratelimit module, you can define keys that represent rate thresholds, counters, and concurrent transactions.

To access the APIs in the ratelimit module, use the require('ratelimit') statement, such as var rl = require('ratelimit');.

How the DataPower® Gateway stores and manages the keys is based on the DataPower service and its configuration.
  • For the API gateway, either the quota enforcement server or the GatewayScript rate-limiting gateway-peering instance is used. The quota enforcement server is a system-wide configuration that is defined in the default domain.
    • When the GatewayScript rate-limiting gateway-peering instance is defined in the gateway-peering manager, the gateway-peering instance is used.
    • When the GatewayScript rate-limiting gateway-peering instance is not defined in the gateway-peering manager, the quota enforcement server is used.
  • For all other DataPower services, the quota enforcement server is always used.

A rate threshold measures the maximum number of resources that are requested during an interval for the specific traffic type. The rate threshold is expressed in tokens per interval. The token represents the monitored resources. The bucket represents the resource pool that contains tokens. The bucket has a maximum capacity.

For each request, a defined number of tokens in the bucket can be requested. When available tokens in the bucket are enough for a request, the request is accepted and the requested tokens are used and removed from the bucket. Otherwise, the threshold is exceeded, and the next incoming requests are rejected.

Rate limiting supports the following types of rate thresholds. The difference between these threshold types is that the token bucket threshold is affected by the maximum capacity of the bucket.
Rate-based threshold
APIs to manage a rate-based threshold.
Token bucket threshold
APIs to manage a token bucket threshold.
Rate limiting supports flexible counting for any specific occurrences and counting for concurrent transactions that can be processed simultaneously.
Counter
APIs to manage the counter for specific occurrences.
Concurrent transactions
APIs to manage the counter for concurrent transactions.