Skip to content


You can create rate-limiting and error code policies to safeguard your APIs against attacks and monitor malfunctions. Rate limiting is an effective measure to protect your APIs.

Policies features

Under the Policies section of the Monitor and Analytics functionality, the platform-admin, api-product-manager and api-developer of the organization can:

  • Create policies related to Request Limit, Request Limit (IP Blocking) and Error Code
  • Attach policies to APIs on the API level or Organization level
  • Search for the policies created
  • Filter policies based on their type
  • Check how many APIs inherit a particular policy
  • Edit a policy, detach and delete it

Policies Window

In order to utilize the Policies, follow the below sections.

Create Policy

To create a policy:

  • First, access Monitor & AnalyticsMonitors and Policies
  • Switch to Policies

Accessing Monitor Create Policy Options

  • Click Create Policy
  • In the popup shown, select the policy type.

Different Types of Policy

There are three types of policies, to create them, follow the instructions mentioned in the below sections:


Fields with asterisk (*) are mandatory.

Request Limit

The request Limit (rate limit) policy allows the provider to limit the maximum number of API calls within a period.

For example, you want a consumer to call the API 10 times per minute. Therefore, you would apply a rate limit to their API expressed as "10 requests per 60 seconds," as it's calculated in requests per second.

While creating the policy, once you've selected Request Limit, fill in the following details in the popup shown:

  • Policy Name: Specify the name of the policy.
  • Request Threshold: Set the maximum number of requests allowed within a specific time period.
  • Period: Select the time period (hour, day, or month) for the request threshold limit.
  • Recovery Time: If a rate limit is triggered, specify the duration in seconds for the IP to recover.
  • Notify: Enter an email address to receive a notification if the policy is triggered.

create policy

Request Limit (IP Blocking)

This policy allows administrators to block traffic from specific IP addresses. This can be useful for mitigating attacks, such as Distributed Denial of Service (DDoS) attacks, or for blocking malicious activity.

When you select this type of policy, the additional field you get is to choose whether to block the IP address permanently or not.

  • By default the Permanent blocking is set to No
  • If you need to block permanently, select Yes

Request Limit IP Blocking Permanent Blocking

Error Code Notification

There are different times when an API can return errors for a request; for example, some common API errors are 400 Bad Request Error, 401 Unauthorized Error, or 500 Internal Server Error, which could be due to issues in the endpoint, incorrect parameters, etc.

In this case, the administrator or product manager might want to send automated error notification emails. To do so, you need to create the Error Code Notification policy. For that:

  • First, enter the Policy name
  • Define the Error code series such as 400, 401, 408, 500, and 502
  • Set the Occurrence threshold
  • Then select the Period : Hourly | Day | Month
  • After that, enter the emails in the Notify field

Error Code Notification Create Policy

  • Click, Create Policy

Attach Policy

You can attach the policies you create at the API and Organizational level. This helps you apply the policy at a large scale as well as keep track of the no of APIs using the Policy.

attach policy

Detach Policy

You can easily detach policies applied to APIs.

detach policy

Edit & Delete Policy

You can edit and delete the policy.

edit policy