This pageapplies toApigee andApigee hybrid.

View Apigee Edge documentation.

What you'll learn

Through this tutorial, you'll learn to:

• Add a policy that affects the request and response.
• See the effects of the policy.

What you'll need

• An Apigee installation. SeeOverview and prerequisites.
• A working API proxy with at least one policy attached. SeeBuild your first API proxy overview.
• An HTTP API client installed on your machine to make API calls. The tutorial examples usecurl.

Add the SpikeArrest policy

In this tutorial, you'll add and configure theSpikeArrest policy to guard the target service against sudden traffic spikes that can be caused by an increase in usage, buggy clients, or malicious attacks. When the number of requests exceeds the rate limit, the API returns an HTTP429 error.

To add the SpikeArrest policy to an API proxy:

1. In the Google Cloud console, go to theApigee> Proxy development> API Proxies page.

   Go to API Proxies

   If you followed the Get Started tutorial, you can add it to the API proxy you created inCreate an API proxy.

2. Click theDevelop tab.
3. In the left-hand pane, click the+ button in thePolicies row.

4. In theCreate policy dialog, click in theSelect policy type field and scroll down toTraffic Management and selectSpikeArrest.

5. Optionally, you can change theName andDisplay name of the policy. By default, Apigee provides a short prefix for the policy name, in this case,SA-. You can add a sequence of descriptive words, separated by dashes, after the prefix. See Naming conventions.

   

   When you are done, clickCreate to create the policy.

Now that you have created the Spike Arrest policy, you can add it to a step in the PreFlow.

1. SelectProxy Endpoints > default > PreFlow in the left-hand pane:

   

   Note: You may need to expand the visual editor in the right-hand pane to see all the elements. To do so, click and drag the divider between the visual editor and the text editor down a little.

2. Click the+ button next toPreFlow in theResponse pane at the bottom-right of the visual editor:

   

3. In theAdd policy step dialog, select theSpike Arrest policy.

4. ClickAdd to attach the policy.

   TheSpike Arrest policy is now displayed in theResponse pane:

   

   Note: This example uses the default name,SA-, for the Spike Arrest policy. You can change the name in thePolicyName element in the XML for the policy, by adding a descriptive phrase afterSA-. See Change the policy name.

Now that you have attached the Spike Arrest policy to the PreFlow, you can try changing the code for the policy:

1. In theResponse pane, selectSA-.

   

2. The text editor displays the XML code for the proxy, including the Spike Arrest policy step in theResponse element of the PreFlow.

   <?xml version="1.0" encoding="UTF-8" standalone="yes"?><SpikeArrest continueOnError="false" enabled="true" name="SA-">    <DisplayName>SA-</DisplayName>    <Properties/>    <Identifier ref="request.header.some-header-name"/>    <MessageWeight ref="request.header.weight"/>    <Rate>30ps</Rate></SpikeArrest>

3. In the XML for the policy, change the value of the<Rate> element to1pm (which translates into roughly two requests allowed every 60 seconds in the cloud).

   Note: The behavior of SpikeArrest involves a smoothing algorithm across multiple message processors, which affects the actual behavior you will see. If you want more details, seeSpikeArrest policy.

   You can specify the rate as an integer value per minute (pm) or per second (ps). This is a very low limit and is used only for this tutorial to demonstrate the policy. Typically, you set it to a much higher limit.

   Notice that theRate value in the Property Inspector also changes to1pm. Alternatively, you can change theRate value in theProperty Inspector and it will be reflected in the XML view.

4. ClickSave to save the current revision with your changes.