Rate Limiting


Specifies the global configuration related to rate limiting. Rate limiting policies are defined using the policies/rate_limiting[] entry.

Additional rate limiting headers can also be enabled. The rate limiting response headers include:

X-Rate-Limit-PolicyThe name of the rate limiting policy which is closest to being hit.
X-Rate-Limit-RemainingThe number of requests left for the rate limiting policy in the current rate limit window.
X-Rate-Limit-ResetThe time (UTC Epoch time) at which the rate limiting policy resets.


cache_sizenumberMinimum: 1

Maximum: unlimited

Default value: 16384
The number of unique records to cache locally for the rate limiting capability. When this cache is exhausted, the oldest cached records are ejected. This effectively resets the rate limiting counters for this client(s). This number needs to be higher than the number of requests being rate limited across a refresh interval.
response_headersbooleanValues: true or false

Default value: false
Specifies whether or not the gateway will insert the rate limiting headers into responses.
By default, the rate limiting response headers are disabled.


These entries control whether or not rate limiting data will be stored in a Redis database. When stored in a Redis database, rate limiting data can be shared across multiple gateway instances.


collection_namestringSpecify the name of a Redis collection which will be used for maintaining rate limiting data. Redis collections are defined using the services/redis[] entry.
sync_windownumberMinimum: 0

Maximum: unlimited

Default value: 5
The length of time (in seconds) a record from Redis will be cached locally by this instance. Records will only be synchronized with Redis after this window has elapsed.


    cache_size: 16384
    response_headers: false
      collection_name: test-collection
      sync_window: 10