AWS API Gateway helps us to develop RESTful APIs. In some cases, especially for a B2B business, sometimes we need to expose the APIs to a few customers and restrict them on the number or the rate of API calls.
Usage plans help you to define maximum request quotas and manage request rates while sharing your API with others. API Gateway allows us to create API Keys for each of the customers.
By using Usage Plans, you can control the 3 aspects of accessing an API:
- Quota
- Throttling
- API/Stage that can be accessed
Create a usage plan
- Go to the API Gateway console and go to Usage Plans on the left side pane.
- Enter the Usage Plan name, throttling rate, and quota you want to set on the API, and click Next.
- In the next window, Associated API Stages, select the API from the drop-down and then select the corresponding stage on which you want to apply the usage plan. Click on Next.
- Now comes the API Keys part. Create a new API Key. Give the Customer name, and you can select Auto Generate option or provide your Custom Key. Save it.
As we have configured the usage plan with an API Key, it will start tracking the number of calls if the customer makes the call using the API Key. You can see the usage by going to the plan, the API Keys tab, and clicking Usage.
To complete the configuration, go to the API to which you have applied the Usage plan.
Under Method Execution, set API Key Required to true so that API can’t be invoked without the key.
Do not forget to deploy the API after making the changes.
When calling the API, the person needs to give the API key in the x-API-key header, and the usage can be tracked and limited.
Thus, Usage Plans help the business track the customer’s API call, which can be part of different plans. Also, the end customer can be billed based on the usage of the APIs. You can also control access to the API and its resources and allow special grants to users as needed.
Written by – Atin Mittal