Sail

Rate Limiting

Protect your API from abuse with flexible rate limiting policies.

Rate Limiting Policies

{
  "id": "api-rate-limit",
  "window": "00:01:00",
  "permitLimit": 100,
  "queueLimit": 10,
  "partitionKey": "ClientIP"
}

Apply to a route:

{
  "routeId": "api-route",
  "clusterId": "backend-api",
  "rateLimiterPolicyId": "api-rate-limit",
  "match": {
    "path": "/api/{**catch-all}"
  }
}

Partition Keys

ClientIP

Rate limit by client IP address

User

Rate limit by authenticated user

Header

Rate limit by custom header value (e.g., API key)

Configuration Options

  • •
    window: Time window for the rate limit (e.g., "00:01:00" for 1 minute)
  • •
    permitLimit: Maximum number of requests allowed in the window
  • •
    queueLimit: Number of requests to queue when limit is exceeded
  • •
    partitionKey: How to partition rate limits (ClientIP, User, Header)