Layer7 API Management

  • 1.  In CA OAuth Toolkit OTK 4.1, what is the best way to add a rate limit to the OTK endpoints?

    Posted Jan 17, 2019 03:22 PM

    The standard OTK endpoints like /authorize, /consent, and /token are read-only.  How do you add rate limits to these endpoints?



  • 2.  Re: In CA OAuth Toolkit OTK 4.1, what is the best way to add a rate limit to the OTK endpoints?
    Best Answer

    Broadcom Employee
    Posted Jan 18, 2019 08:39 AM

    Hi Jeff,

     

    These policies in 4.1 (and up to the latest, 4.3) should not be read-only just yet. There is a warning in the policy that they will be read-only in the future; however, you should have the ability to edit this at the present time. Please let me know if this is not the case and what error you get when trying to save them.

    Regards,

    Joe



  • 3.  Re: In CA OAuth Toolkit OTK 4.1, what is the best way to add a rate limit to the OTK endpoints?

    Posted Jan 18, 2019 05:36 PM

    All the OTK endpoint services in OTK 4.1 are not read-only. They are modifiable.



  • 4.  Re: In CA OAuth Toolkit OTK 4.1, what is the best way to add a rate limit to the OTK endpoints?

    Broadcom Employee
    Posted Jan 22, 2019 03:05 PM

    Hi Jeff,

    Assuming that you are running API Gateway 9.2 with OTK 4.1, here is the full documentation on the Apply Rate Limit Assertion. As stated, all OTK endpoint services are modifiable and you can add this assertion to the policy. However, services are overwritten during an upgrade. If you have customized a service, make a copy to save your customizations, upgrade, then copy your customizations into the newly upgraded service. Also be aware that OAuth 1.0 support was dropped in OTK 4.2. Hope that helps.

     

    Simon