Can Kong rate limit per endpoint?

Question

I can configure Kong's rate limiting plugin so it enforces limits on each endpoint in a given API like this:

$ curl -X POST http://kong:8001/apis/{api}/plugins \
    --data "name=rate-limiting" \
    --data "config.second=5"

However, I'd like to configure different rate limits per endpoint. For example, I'd like to allow:

• http://localhost:8000/endpoint1 to use a rate limit of 5 requests/second per IP
• http://localhost:8000/endpoint2 to use a rate limit of 10 requests/second per IP

Is this possible with Kong? I see an open issue related to this, but are there any workarounds?

Answer 1

Until Kong .13, this was not possible. However, in Kong .13 the API object has been broken into 2 parts, routes and services.

Using these tools, you should be able to apply different plugins for different endpoints in your API.

Answer 2

Kong cannot work on IP mode I believe. But to over come that you have combination of authentication and rate limiting. With the combination of this you can say

API 1 - limited to 5 request/second for consumer 1
API 1 (again) - limited to 10 request/second for consumer 2
API 2 - limited to 25 request/second from consumer 1

To achieve this you need to enable authentication in the kong for the APIs you want to control and then assign the rates for each consumer/api.

This will give you benefit of controlling the request from consumers so that they will not be able to do extra request from multiple IPs. (if you want)

Answer 3

Could you make each endpoint into a Kong API, then apply rate-limiting per-API?