Create an inbound REST API rate limit

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Create rate limit rules to limit the number of inbound REST API requests processed per hour.

    Before you begin

    Role required: rate_limit_admin

    About this task

    Set rate limits for all users, users with specific roles, or all users.
    Note:
    As requests reach an instance, each node maintains a rate limit count per user. Every 30 seconds, the count is committed to the database. As a result, a rate limit rule may not take effect for up to 30 seconds.

    Procedure

    1. Navigate to All > System Web Services > REST > Rate Limit Rules.
    2. Click New and enter the following field values.
      Table 1. REST API Rate Limit Rule form
      Field Description
      REST API resource Value derived from the values entered at the following fields.
      Name Unique name for the rate limit rule.
      REST API REST API selected from the list of all external-facing REST APIs for the instance.
      Version Version of the REST API. Values listed depend on the REST API selected.
      Resource Resource for the Version. Values listed depend on the Version selected.
      Table Table that you want to target. Appears only when you select Table API as the REST API.
      Import set table Import set table that you want to target. Appears only you select Import Set API as the REST API.
      Active Check box to indicate that the rate limit rule is active.

      Rate limit rules are activated by default as soon as you create them. You can deactivate rate limit rules to stop enforcing a rate limit or activate rate limit rules to resume enforcing a rate limit.
      Request limit per hour Maximum number of requests allowed per hour.
      Note:
      Whenever you update the value of this field, the ServiceNow AI Platform resets the count of requests to 0 and deletes all violations for the current hour.
      Apply to Users restricted by this rule:
      • Single user applies the rate limit to a specific user.
      • Users with role applies the rate limit to all users with a specific role.
      • All users applies the rate limit to all users.
      Role Role to which the rate limit applies. Appears only when you select Users with role at the Apply to field.
      User User to whom the rate limit applies. Appears only when you select Single user at the Apply to field.
    3. Click Submit.
      The new rate limit goes into effect.

    What to do next

    After you submit the rule, the ServiceNow AI Platform adds the following related lists to the rule record:
    Rate Limit Counts
    Lists, by user, the number of inbound REST API requests affected by this rate limit rule.
    Rate Limit Violations
    Lists, by user, the violations of this rate limit rule.

    You can use these related lists to Monitor inbound REST API rate limit counts and violations.