Tyk v2.2 Documentation Components

Rate Limiting

Also known as throttling, Tyk API will actively only allow a key to make x requests per y time period. This is very useful if you want to ensure your API does not get flooded with requests.

How do rate limits work?

The Rate limits in Tyk work using a “leaky bucket” mechanism: Tyk will record each request in a timestamped list in Redis, it will at the same time count the number of requests that fall between the current time, and the maximum time in the past that encompasses the rate limit (and remove these from the list). If this count exceeds the number of requests over the period, the request is blocked.

This approach means that rate limits are applied across all gateway instances equally and that the actual limit is a “moving window” so that there is no fixed point in time to flood the limiter or execute more requests than is permitted by any one client.

Can I disable the rate limiter?

Not currently, the rate limiter is always enforced except on “Open (Keyless)” API configurations.

Can I rate limit by IP address?

Not yet, though IP-based rate limiting is possible using custom pre-processor middleware JavaScript that generates tokens based on IP addresses.

Was this article helpful to you? Yes No