Perform the following steps:
- As shown in the preceding screenshot, choose the required operation (GET) and click on the inbound policy editor link (labeled 3), which will open the policy editor.
API Management allows us to control the behavior of the backend APIs (in our case, HTTP triggers) using API Management policies. You can control both the inbound and outbound request responses. You can read more about it at https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies.
- As we need to restrict the request rate within API Management before sending the request to the backend function app, we need to configure the rate limit in the inbound policy. Create a new policy as shown with a value of 1 for the calls attribute and a value of 60 (in seconds) for the renewal-period attribute, and finally set the counter-key to the IP address of the client application:
With this inbound policy, we are instructing API Management to restrict one request per minute for a given IP address.
- One final step before we test the throttling is publishing the API by navigating to the Settings tab in the preceding step and associating the API with a published product (in my case, I have a default starter product that is already published). As shown in the following screenshot, choose the required product and click on the Save button:
Products in API Management are a group of APIs to which the developers of different client applications can subscribe. For more information about API Management products, refer to https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-add-products.