Here’s a simple guide to help you troubleshoot why your rate limit policy might not be working as expected in your setup.
When you add rate limiting with the “rate-limit-by-key” policy inside your API, you expect it to restrict the number of calls based on a key, like the user’s authorization token or IP address. In your case, it seems to work when you use the “rate-limit-by-key” policy directly on the API, but it doesn’t work when it’s nested inside the
This happens because the policies that are included via the
To fix this, you should:
– Place the “rate-limit-by-key” policy directly on the API policy, outside of the
– Or, if you must include it within
Additionally, since your global policies are just headers and you’re not using workspaces, ensure that the scope of your rate limit policy is set correctly—either at the API or product level. Remember, policies inside
In summary:
– Test placing the rate-limit policy directly on your API instead of inside the
– Confirm policies aren’t being overridden or ignored because of the inheritance chain.
– Make sure your API is properly grouped and that global policies aren’t interfering.
By adjusting the placement of your rate limiting policy, you should see it start working as intended. Keep testing different configurations, and this approach should help you get the desired rate-limiting behavior across your APIs.
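As an added illustration of the first option above (this is not code from the original answer), here is an API-scope policy document with "rate-limit-by-key" declared directly in the inbound section. The limit of 10 calls per 60 seconds and the counter key (the Authorization header value, falling back to the caller's IP address) are assumptions chosen for the example.

```xml
<!-- Added example: API-scope policy document (constructed, not from the original answer). -->
<policies>
    <inbound>
        <!-- Run the policies inherited from the parent scopes first. -->
        <base />
        <!-- Declared directly in the API's inbound section.
             Assumed values: 10 calls per 60 seconds.
             Assumed key: the Authorization header value, falling back to
             the caller IP when the header is absent. -->
        <rate-limit-by-key calls="10"
                           renewal-period="60"
                           counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization", context.Request.IpAddress))" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

When testing, send more than the configured number of calls with the same key inside one renewal period; a working limit answers the excess calls with `429 Too Many Requests`.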





