👀 Views: 51 💬 Answers: 1 📅 Created: 2025-06-15

azure api-management rate-limiting xml

This might be a silly question, but I tried several approaches but none seem to work. I'm trying to set up rate limiting for my Azure API Management instance to prevent abuse of my APIs, but I'm running into issues with my custom policies. I want to limit requests to 100 per minute per subscription key, but it seems like the policies I have in place are not enforcing the limit correctly. I've defined my policy as follows: ```xml <inbound> <rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Subscription.Id)" /> </inbound> ``` However, when testing this with a subscription key, I can still send more than 100 requests within a minute without receiving any errors. I've checked the Azure portal, and the policy appears active, but the behavior does not match what I expect. I've also tried using the built-in `rate-limit` policy instead of `rate-limit-by-key` but faced the same scenario. I've confirmed that the subscription key I’m using is valid and that the API is being called correctly. Here’s a sample of the requests I’m making using Postman: ```http GET https://myapi.azure-api.net/my-endpoint Ocp-Apim-Subscription-Key: my-subscription-key ``` I’ve also enabled logging in Azure API Management to capture any potential errors or warnings, but nothing stands out. Has anyone else faced similar issues with rate limiting in Azure API Management? Are there specific configurations or debugging techniques I might be missing to ensure that rate limiting works as intended? Any guidance would be appreciated! Thanks in advance! This is part of a larger CLI tool I'm building. What am I doing wrong? Any pointers in the right direction?