product-microgateway icon indicating copy to clipboard operation
product-microgateway copied to clipboard

Published 20 hours ago verified publisher icon wso2

GraphQL subscription level rate limit policies are rate limited early before reach quota

Open renuka-fernando opened this issue 1 year ago • 4 comments

Description

$subject

Steps to Reproduce

  1. Create graphQL API (Sample StarWarAPI in docs).
  2. Deploy and publish.
  3. Create a subscription-level rate limit policy from the Admin portal.
  4. Quota limit: Request count: 20 unit: min
  5. GraphQL: max complexity: 100, Max depth: 5
  6. Subscribe to an App with the created policy.
  7. Invoke the API with 20 times the following payload from the Dev portal tryout window
{
  human(id: 1000) {
    id
    name
  }
  droid(id: 2000) {
    name
    friends {
      name
      appearsIn
    }
  }
}

The API will be rate-limited after 10 requests.

image

Version

1.2.0-alpha

Environment Details (with versions)

Docker Compose

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response

renuka-fernando avatar Feb 02 '23 05:02 renuka-fernando

This is the same behaviour with the Synapse gateway (APIM 4.2.0-alpha)

renuka-fernando avatar Feb 02 '23 12:02 renuka-fernando

The rate limit value depends on the query made (Operation count). For the following query, it is rate limited after 20 requests (Both CC and APIM Synapse GW).

{
  droid(id: 2000) {
    name
    friends {
      name
      appearsIn
    }
  }
}

renuka-fernando avatar Feb 02 '23 12:02 renuka-fernando

Following are the results for the following query.

{
  human(id: 1000) {
    id
    name
  }
  droid(id: 2000) {
    name
    friends {
      name
      appearsIn
    }
  }
}

Subscription Level Rate Limiting (API/Operation level rate limiting)

Same behaviour in both GWs.

APIM (Synapse)

Policy: 20PerMin Rate Limited after 10 requests

Choreo Connect

Policy: 20PerMin Rate Limited after 10 requests

Advanced Level Rate Limiting (API/Operation level rate limiting)

Behaviour is different.

APIM (Synapse)

Policy: 10PerMin (API Level) Rate Limited after 5 requests

Choreo Connect

Policy: 10PerMin (API Level) Rate Limited after 10 requests

Application Level Rate Limiting

Behaviour is different.

APIM (Synapse)

Policy: 10PerMin (API Level) Rate Limited after 5 requests

Choreo Connect

Policy: 10PerMin (API Level) Rate Limited after 10 requests

renuka-fernando avatar Feb 02 '23 12:02 renuka-fernando

It looks like not an issue. App and Sub level rate limit depends on the operation count of the request, but keeping the API level rate limit not depends on the request operation count.

renuka-fernando avatar Feb 06 '23 10:02 renuka-fernando