Rate Limiting

Rate limiting in digiRunner controls the number of API requests allowed within a specific time frame, ensuring system stability and preventing abuse. The rate limiting configuration can be applied to individual clients or groups based on their API access levels.

In digiRunner, rate limiting is implemented through adjustments to the API Quota and TPS/Node settings.

Configuring Rate Limiting

Access API Client Management

Go to Client Management > API Client to manage clients subject to rate limits. You can either create a new client or update an existing one.

Create Client

Click Create to access the client creation page.

Update Client

Set Limits

When creating or updating an API client, configure the API Quota and TPS/Node (Transactions per second) settings.

• API Quota: Specifies the total number of API calls the client can make without restriction. If the same API was pressed repeatedly 10 times, it also counts as 10 times.

• TPS/Node (Default 10): Specifies the number of times this client can call the API per second. The default for this field is 10, meaning that the API will be called 10 times per second. For example, if both the TPS/Node and API Quota are set to 10, the user can make 10 API calls per second. However, once the user reaches a total of 10 calls for the day, further API access will be denied.

Testing Rate Limiting

Create an API Group and Add Clients

1. Go to Client Management > API Group.

2. Create a new group for clients to which you want to apply rate limiting.

3. Add the desired API to this group, which will apply the rate limiting rules.

4. Assign the clients to the group so that they inherit the rate limiting settings for this API.

Run API Test

1. Go to API Management > API Test to test the API with the rate-limited group.

2. Send requests to the API via the API Test feature to verify that rate limiting is enforced.

Monitor Responses

Observe API responses; if the rate limit is exceeded, the server will return an HTTP 429 (Too Many Requests) error.