Setting the Rate Limit for the Cloud Controller API

Page last updated:

This topic describes how to set the rate limit for the Cloud Controller API (CAPI).

Cloud Foundry lets you set rate limits on the number of requests third parties can make to CAPI. You can set different rate limits for authenticated and unauthenticated users.

Rate limits help to prevent servers from getting overloaded by poorly or maliciously-designed clients that could otherwise force the server to use all its resources servicing those calls instead of responding to legitimate requests.

When rate limiting is enabled, responses to CAPI calls contain information about the limit, how close the user is to reaching it, and when it will reset. For more information, see Rate Limit Information Returned by the Cloud Controller API.

Use the following properties in the cloud_controller_ng BOSH job to define rate limits:

Property Description Default value
cc.rate_limiter.enabled Enable rate limiting for authenticated and unauthenticated CAPI endpoints per user or client false
cc.rate_limiter.general_limit The number of requests an authenticated user or client is allowed to make for all CAPI endpoints over the configured interval 2000
cc.rate_limiter.unauthenticated_limit The number of requests an unauthenticated client is allowed to make to CAPI endpoints over the configured interval 100
cc.rate_limiter.reset_interval_in_minutes The interval in minutes until a user’s available CAPI requests reset 60
cc.max_concurrent_service_broker_requests Maximum number of concurrent requests to endpoints related to service brokers. A request ends immediately after a response is sent, even if the request is for an ongoing asynchronous operation, such as creating a service instance. Set to 0 to not limit concurrent requests. 0
Create a pull request or raise an issue on the source for this page in GitHub