You are browsing documentation for an outdated version.
See the latest documentation here.
Protect your Services
In this topic, you’ll learn how to enforce rate limiting using the Rate Limiting plugin.
If you are following the getting started workflow, make sure you have completed Exposing Your Services before moving on.
What is Rate Limiting?
Kong’s Rate Limiting plugin lets you restrict how many requests your upstream services receive from your API consumers, or how often each user can call the API.
The Rate Limiting Advanced plugin provides support for the sliding window algorithm to prevent the API from being overloaded near the window boundaries, and adds Redis support for greater performance.
Why Use Rate Limiting?
Rate limiting protects the APIs from accidental or malicious overuse. Without rate limiting, each user may request as often as they like, which can lead to spikes of requests that starve other consumers. After rate limiting is enabled, API calls are limited to a fixed number of requests per second.
Set up Rate Limiting
Validate Rate Limiting
Summary and next steps
In this section:
- If using the Admin API or decK, you enabled the Rate Limiting plugin,
setting the rate limit to 5 times per minute.
- If using Kong Manager, you enabled the Rate Limiting Advanced plugin,
setting the rate limit to 5 times for every 30 seconds.
Next, head on to learn about proxy caching.