Apigee Spike Arrest Rate Limit Application

Question

I am an Apigee newbie.

I am trying to understand the Spike Arrest policy.

I am looking at this documentation:
http://apigee.com/docs/api-services/content/shield-apis-using-spikearrest
http://apigee.com/docs/api-services/content/policy-attachment-and-enforcement

The one thing I cannot understand for certain is if, when the Spike Arrest Policy is applied to an ApiProxy, whether the rate limit is applied per Key/Client Dev Application, or is it shared between all Keys/Client Dev Applications?

For example if we have the following config:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <SpikeArrest async="false" continueOnError="false" enabled="true" name="spikearrest-1">
  <DisplayName>SpikeArrest-1</DisplayName>
  <FaultRules/>
  <Properties/>
  <Identifier ref="request.header.some-header-name"/>
  <MessageWeight ref="request.header.weight"/>
  <Rate>50ps</Rate>
</SpikeArrest>

And Client Dev Apps:
1. DevApp1
2. DevApp2

Is the 50ps rate limit shared between DevApp1 and DevApp2, or do DevApp1 and DevApp2 get 50ps rate limit each?

Thanks,

Answer 1

You can use any of the predefined variables: http://apigee.com/docs/api-services/api/variables-reference

The variable that is probably the most commonly used for Spike Arrest is client.ip. Edge will make all elements of a request message available. If your clients are adding a client_id (aka API key) to a request as a query parameter, for example api.call.com?client_id=u34r8ur, then you would set the variable in your Spike Arrest Identifier to be:

<Identifier ref="request.queryparam.client_id"/>

Or if it is in an HTTP header:

<Identifier ref="request.header.client_id"/>

Hope that helps!

Answer 2

Its per app identified by your identifier.