You can leverage Usage Plans with Amazon API Gateway to set limits on request rate for consumers of your API to protect it from being abused by a particular misbehaving client.
To tally requests per caller, API Gateway uses API keys to tell the different consumers of your API apart. In our use case, requests coming from different companies can be counted separately.
Step 1: Go to the Usage Plan tab in API Gateway and click Create
Step 2: Fill in the details for the usage plan
Basic usage plan for Unicorn Manager partners
Step 4: Choose Next
Step 5: Associate the API we created previously with the usage plan. Pick the prod stage, click the checkmark to confirm, then click Next
Step 6: We currently don’t have any API keys set up. In this step, click Create API Key and add to Usage Plan to create an API key for the partner company
Step 7: For our application, we are going to reuse the value of the ClientID of the customer as the value for the API Key, to keep down the number of random strings that customers have to remember
Step 8: After the API key has been created, click Done.
Step 9: Update your API resource so that it requires the API key
Step 10: Redeploy your API
From now on, your API requires the x-api-key header on every request, and you can test the request limit with Postman.
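
What to expect from that test, as an added example that is not part of the original walkthrough: a simplified local model of per-key throttling (a token bucket per API key) and a burst probe that tallies the status codes each caller gets. The class and function names, the rate of 2 requests per second, the burst of 5, and the key values are constructed for illustration; this is not API Gateway's own code.

```python
from collections import Counter


class UsagePlanModel:
    """Simplified model of usage-plan throttling: one token bucket per API key."""

    def __init__(self, rate_per_sec, burst, api_keys):
        self.rate = rate_per_sec
        self.burst = burst
        # Each key starts with a full bucket: [tokens, time of last request]
        self.buckets = {key: [float(burst), 0.0] for key in api_keys}

    def handle(self, headers, now):
        """Return the HTTP status for a request arriving at time `now` (seconds)."""
        key = headers.get("x-api-key")
        if key not in self.buckets:
            return 403  # missing or unknown API key: Forbidden
        tokens, last = self.buckets[key]
        # Refill according to elapsed time, never above the burst size
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[key] = [tokens, now]
            return 429  # throttled: Too Many Requests
        self.buckets[key] = [tokens - 1, now]
        return 200


def burst_probe(plan, api_key, count, start=0.0, spacing=0.0):
    """Send `count` requests `spacing` seconds apart and tally the status codes."""
    headers = {"x-api-key": api_key} if api_key else {}
    return Counter(plan.handle(headers, start + i * spacing) for i in range(count))


# Constructed sample keys standing in for two partners' ClientID values
COMPANY_A = "company-a-client-id"
COMPANY_B = "company-b-client-id"

if __name__ == "__main__":
    plan = UsagePlanModel(rate_per_sec=2, burst=5, api_keys={COMPANY_A, COMPANY_B})
    print("A, 20 at once:  ", dict(burst_probe(plan, COMPANY_A, 20)))
    print("B, 3 at once:   ", dict(burst_probe(plan, COMPANY_B, 3)))
    print("no key, 2 calls:", dict(burst_probe(plan, None, 2)))
    print("A, 1 s later:   ", dict(burst_probe(plan, COMPANY_A, 3, start=1.0)))
```

When you repeat the burst against the deployed API, the same pattern should appear: one company exhausting its limit gets 429 responses while another company's key is unaffected, and a request without the header is rejected with 403.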