The rate limit policy controls the number of times API consumers can access an operation during a designated time frame. If the number of API calls exceeds the rate limit within the designated time frame, API consumers can't access the operation.
The default rate limit is 1,000 requests per minute. The maximum rate limit that you can define is 3,000 requests per minute.
You can configure and associate rate limit policies with APIs and API operations when you design an API or create a managed API. When you create a managed API, you can associate user-level rate limit policy with a managed API to control the number of times a specific API consumer can access an API and its operations within a designated timeframe. You can associate only one user with one user-level rate limit policy.
You can associate an API-level or operation-level rate limit policy with any number of APIs or API operations. The API References area of a rate limit policy displays all the designed APIs, published APIs, and managed APIs that use the policy.
When you configure a rate limit policy, the policy is enabled by default. After configuring the policy, the policy manager can choose to enable or disable the policy.
You can change the values of an existing rate limit policy. Any change to the existing values reflect in all the API operations that use the rate limit policy. You must first disable the rate limit policy to change the values of the policy. After you save the changes, you can view the changes in API Center even when the API is not yet enabled. Enable the policy for the changes to take effect on the APIs in the runtime environment.
If you associate a rate limit policy at the API level, operations level, and user level, the rate limit policy with the minimum value takes precedence and the other values are ignored.