Cloud Endpoints provides quotas, which let you control the rate at which applications can call your API. Setting a quota allows you to specify usage limits to protect your API from an excessive number of requests from calling applications. The excessive requests might have been caused by a simple typo or from an inefficiently designed system that makes needless calls to your API. Regardless of the cause, blocking traffic from a specific source once it reaches a certain level is necessary for the overall health of your API. By setting a quota, you ensure that one application cannot negatively impact other applications that use your API.
This page provides an overview of the key functionality provided by quotas.
Requests are tied to the consumer Cloud project
After you configure a quota, Cloud Endpoints tracks the number of requests per minute per consumer Cloud project. Each application that calls your API must:
- Have a Cloud project.
- Have enabled your API in their Cloud project.
- Send an API key with each request to your API. This allows Cloud Endpoints to identify the Cloud project that the calling application is associated with and to increment the request counter for the Cloud project.
You can either have your API consumers create their own projects in Google Cloud Console, or you can create the projects for them. Because Cloud Endpoints enforces quotas per project, you must have one project for each API consumer.
Limit the number of requests per minute
By setting a quota, you can limit the number of requests per minute to your entire API or only to specific methods. If the client code from a consumer project exceeds the limit that you have configured, the request is rejected before it gets to your API, and an HTTP status code of 429 Too Many Requests is returned. Calling applications will need to handle the 429 status code and use exponential backoff or some other retry logic to decrease the rate of calls to your API.
Configure one or more quotas
You can configure one or more named quotas and specify a different rate limit for each quota. For example, you could have some methods in your API that are resource-intensive (such as a method that runs a complex query and returns a large list of results), and other methods that are fast and lightweight. You might want to configure two quotas with different rate limits, and associate the resource-intensive methods with one quota, and the lightweight methods with the other quota.
Configure a cost
When you associate a method with a quota, you always specify a cost for the request. This allows different methods to consume the same quota at different rates. You can use costs as an alternative to configuring different quotas. For example, suppose you configure a quota with a limit of 1000 requests per minute. For the lightweight methods, you configure a cost of 1, which means clients can call the lightweight methods 1000 times per minute. For the resource-intensive methods, you configure a cost of 2, which means that each time the client calls the method, the request counter is incremented by 2, until the limit of 1000 is reached. In effect, this limits the resource-intensive methods to 500 requests per minute.
Override the configured quota
The Endpoints dashboard displays the quota configured for each method in your API. If needed, you can override the configured limit for a specific consumer project. To set an override, you need to enter the project number of the consumer project on the Endpoints dashboard. If you are not a member of the consumer project that you want to override, you need to contact someone who is a member to obtain the project number.