Setting the Rate Limit for the Cloud Controller API
Page last updated:
This topic describes how to set the rate limit for the Cloud Controller API (CAPI).
Cloud Foundry lets you set rate limits on the number of requests third parties can make to CAPI. You can set different rate limits for authenticated and unauthenticated users.
Rate limits help to prevent servers from getting overloaded by poorly or maliciously-designed clients that could otherwise force the server to use all its resources servicing those calls instead of responding to legitimate requests.
When rate limiting is enabled, responses to CAPI calls contain information about the limit, how close the user is to reaching it, and when it will reset. For more information, see Rate Limit Information Returned by the Cloud Controller API.
Use the following properties in the
cloud_controller_ng BOSH job to define rate limits:
|cc.rate_limiter.enabled||Enable rate limiting for authenticated and unauthenticated CAPI endpoints per user or client||false|
|cc.rate_limiter.general_limit||The number of requests an authenticated user or client is allowed to make for all CAPI endpoints over the configured interval||2000|
|cc.rate_limiter.unauthenticated_limit||The number of requests an unauthenticated client is allowed to make to CAPI endpoints over the configured interval||100|
|cc.rate_limiter.reset_interval_in_minutes||The interval in minutes until a user’s available CAPI requests reset||60|
|cc.max_concurrent_service_broker_requests||Maximum number of concurrent requests to endpoints related to service brokers. A request ends immediately after a response is sent, even if the request is for an ongoing asynchronous operation, such as creating a service instance. Set to 0 to not limit concurrent requests.||0|