Hi everybody,
not sure if there is already a task about this, I quickly checked and didn't find it, in case please close it as duplicate :)
If my understanding is correct, the current rate-limit settings for API-Gateway is around 500 requests/hour for anonymous users and 5000 for logged in users, applied globally for all services. I am wondering if we could add the possibility to have this rate-limit per service, so backend owners can decide the best values for their services without trying to come up with a compromise with other teams.
Another very nice feature would be to have a way to apply rate limits to a specific combination of client metadata, like UA and IP. The use case that I am thinking of is if a bot or a specific user generates too much traffic and a backend service owner wants to act on it without impacting other regular users (not impacting the service with their request flows).
The ML team is more than happy to help in the development of these features if you feel that they are sound and consistent with the current API-Gateway's plans.