Usage Plan

You can leverage Usage Plans with Amazon API Gateway to set limits on request rate for consumers of your API to protect it from being abused by a particular misbehaving client.

To tally the number of requests per caller, API Gateway uses API Keys to keep track of the different consumers of your API. In our use case, requests coming from different companies can be counted separately.

Step 1: Go to the Usage Plans tab in API Gateway and click Create

Step 2: Fill in the details for the usage plan

  • Name: Basic
  • Description: Basic usage plan for Unicorn Manager partners
  • Enable throttling: check Yes
  • Throttling Rate: 1 request per second
  • Throttling Burst: 1
  • Enable Quota: check Yes and use 100 requests per month

Step 4: Choose Next

Step 5: Associate the API we created previously with the usage plan. Pick the prod stage, click the checkmark to confirm, then click Next

Step 6: We currently don’t have any API keys set up. In this step, click Create API Key and add to Usage Plan to create an API key for the partner company

Step 7: For our application, we are going to reuse the value of the ClientID of the customer as the value for the API Key, to keep down the number of random strings that customers have to remember

  • Name: UnicornManager
  • API Key: Custom
  • Copy and paste your App Client Id into the input box (if you forgot it, retrieve it from the Cognito console)
  • Click Save

Step 8: After the API key has been created, click Done.

Step 9: Update your API resource to require the API Key

Step 10: Redeploy your API

From now on, your API requires the x-api-key header for access, and you can test the request limit with Postman.
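To see what the Basic plan's numbers mean before testing in Postman, the following added example (not part of the original workshop and not AWS's implementation) models a per-key token bucket with rate 1, burst 1 and a 100-request monthly quota. The key names and timestamps are constructed, and the order of the checks and the rule that only accepted requests count toward the quota are assumptions of this model.

```python
"""Simplified model of the Basic usage plan: per-key token bucket plus monthly quota."""
from dataclasses import dataclass

@dataclass
class UsagePlan:
    rate: float = 1.0   # Throttling Rate: tokens refilled per second
    burst: int = 1      # Throttling Burst: bucket capacity
    quota: int = 100    # Quota: accepted requests per month

@dataclass
class KeyState:
    tokens: float       # tokens currently in this key's bucket
    last: float = 0.0   # time of the previous request, in seconds
    used: int = 0       # requests counted against the quota

class Gateway:
    def __init__(self, plan, api_keys):
        self.plan = plan
        # One bucket and one counter per API key, so each partner is tallied separately.
        self.state = {k: KeyState(tokens=plan.burst) for k in api_keys}

    def request(self, api_key, now):
        """Return (status, message) for one request carrying x-api-key at time `now`."""
        s = self.state.get(api_key)
        if s is None:
            return 403, "Forbidden"             # missing or unknown key
        if s.used >= self.plan.quota:
            return 429, "Limit Exceeded"        # monthly quota spent
        s.tokens = min(self.plan.burst, s.tokens + (now - s.last) * self.plan.rate)
        s.last = now
        if s.tokens < 1:
            return 429, "Too Many Requests"     # throttled
        s.tokens -= 1
        s.used += 1     # assumption: only accepted requests count toward the quota
        return 200, "OK"

def replay(gw, api_key, times):
    """Send one request per timestamp and collect the status codes."""
    return [gw.request(api_key, t)[0] for t in times]

if __name__ == "__main__":
    # Constructed keys and timestamps; real keys would be the partners' Client IDs.
    gw = Gateway(UsagePlan(), ["partner-a-client-id", "partner-b-client-id"])
    print(replay(gw, "partner-a-client-id", [0.0, 0.25, 0.5, 1.0]))  # burst of 4 in 1 s
    print(replay(gw, "partner-a-client-id", range(2, 102)))          # paced, until quota
    print(replay(gw, "partner-b-client-id", [101.0]))                # separate tally
    print(replay(gw, "no-such-key", [102.0]))
```

AWS documents usage plan throttling and quotas as best-effort rather than hard limits, so expect real counts to drift slightly from this model. AWS also advises against using API keys for authentication or authorization, which matters here because the key is the App Client Id; the key only identifies the caller for metering.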