Skip to main content

Parameters

See plugin common configurations for configuration options available to all plugins.

note

In API7 Enterprise (from 3.8.17), you should configure one of the following parameter sets, but not both:

  • conn, burst, default_conn_delay, key
  • rules, default_conn_delay

rules is not available in APISIX yet.

  • conn

    integer | string

    required

    vaild vaule:

    greater than 0

    The maximum number of concurrent requests allowed. Requests exceeding the configured limit and below conn + burst will be delayed.

    In API7 Enterprise (from 3.8.17), this parameter also supports the string data type and allows the use of built-in variables prefixed with a dollar sign ($). In APISIX, only the integer type is supported.

  • burst

    integer | string

    required

    vaild vaule:

    greater than or equal to 0

    The number of excessive concurrent requests allowed to be delayed per second. Requests exceeding the limit will be rejected immediately.

    In API7 Enterprise (from 3.8.17), this parameter also supports the string data type and allows the use of built-in variables prefixed with a dollar sign ($). In APISIX, only the integer type is supported.

  • default_conn_delay

    number

    required

    vaild vaule:

    greater than 0

    Processing latency allowed in seconds for concurrent requests exceeding conn + burst, which can be dynamically adjusted based on only_use_default_delay setting.

  • only_use_default_delay

    boolean

    default: false

    If false, delay requests proportionally based on how much they exceed the conn limit. The delay grows larger as congestion increases. For instance, with conn being 5, burst being 3, and default_conn_delay being 1, 6 concurrent requests would result in a 1-second delay, 7 requests a 2-second delay, 8 requests a 3-second delay, and so on, until the total limit of conn + burst is reached, beyond which requests are rejected.

    If true, use default_conn_delay to delay all excessive requests within the burst range. Requests beyond conn + burst are rejected immediately. For instance, with conn being 5, burst being 3, and default_conn_delay being 1, 6, 7, or 8 concurrent requests are all delayed by exactly 1 second each.

  • key_type

    string

    default: var

    vaild vaule:

    var or var_combination

    The type of key.

    If the key_type is var, the key is interpreted as a variable.

    If the key_type is var_combination, the key is interpreted as a combination of variables.

  • key

    string

    required

    The key to count requests by.

    If the key_type is var, the key is interpreted as a variable. The variable does not need to be prefixed by a dollar sign ($). See built-in variables for available variables.

    If the key_type is var_combination, the key is interpreted as a combination of variables. All variables should be prefixed by dollar signs ($). For example, to configure the key to use a combination of two request headers custom-a and custom-b, the key should be configured as $http_custom_a $http_custom_b.

  • rejected_code

    integer

    default: 503

    vaild vaule:

    between 200 and 599 inclusive

    The HTTP status code returned when a request is rejected for exceeding the threshold.

  • rejected_msg

    string

    vaild vaule:

    any non-empty string

    The response body returned when a request is rejected for exceeding the threshold.

  • allow_degradation

    boolean

    default: false

    If true, allow APISIX to continue handling requests without the plugin when the plugin or its dependencies become unavailable.

  • rules

    array[object]

    An array of rate-limiting rules to be applied simultaneously.

    Available in API7 Enterprise from 3.8.17. Not available in APISIX yet.

    • conn

      integer | string

      required

      vaild vaule:

      greater than 0

      The maximum number of concurrent requests allowed. Requests exceeding the configured limit and below conn + burst will be delayed.

      This parameter also supports the string data type and allows the use of built-in variables prefixed with a dollar sign ($).

    • burst

      integer | string

      required

      vaild vaule:

      greater than or equal to 0

      The number of excessive concurrent requests allowed to be delayed per second. Requests exceeding the limit will be rejected immediately.

      This parameter also supports the string data type and allows the use of built-in variables prefixed with a dollar sign ($).

    • key

      string

      required

      The key to count requests by. If the configured key does not exist, the rule will not be executed.

      If the key_type is var, the key is interpreted as a variable. The variable does not need to be prefixed by a dollar sign ($). See built-in variables for available variables.

      If the key_type is var_combination, the key is interpreted as a combination of variables. All variables should be prefixed by dollar signs ($). For example, to configure the key to use a combination of two request headers custom-a and custom-b, the key should be configured as $http_custom_a $http_custom_b.

  • policy

    string

    default: local

    vaild vaule:

    local, redis, or redis-cluster

    The policy for rate limiting counter. If it is local, the counter is stored in memory locally. If it is redis, the counter is stored on a Redis instance. If it is redis-cluster, the counter is stored in a Redis cluster.

  • redis_host

    string

    The address of the Redis node. Required when policy is redis.

  • redis_port

    integer

    default: 6379

    vaild vaule:

    greater than or equal to 1

    The port of the Redis node when policy is redis.

  • redis_username

    string

    The username for Redis if Redis ACL is used. If you use the legacy authentication method requirepass, configure only the redis_password. Used when policy is redis.

  • redis_password

    string

    default: 6379

    The password of the Redis node when policy is redis or redis-cluster.

  • redis_database

    integer

    default: 0

    vaild vaule:

    greater than or equal to 0

    The database number in Redis when policy is redis.

  • redis_ssl

    boolean

    default: false

    If true, use SSL to connect to Redis cluster when policy is redis.

  • redis_ssl_verify

    boolean

    default: false

    If true, verify the server SSL certificate when policy is redis.

  • redis_timeout

    integer

    default: 1000

    vaild vaule:

    greater than or equal to 1

    The Redis timeout value in milliseconds when policy is redis or redis-cluster.

  • redis_cluster_nodes

    array[string]

    The list of the Redis cluster nodes with at least two addresses. Required when policy is redis-cluster.

  • redis_cluster_name

    string

    The name of the Redis cluster. Required when policy is redis-cluster.

  • redis_cluster_ssl

    boolean

    default: false

    If true, use SSL to connect to Redis cluster when policy is redis-cluster.

  • redis_cluster_ssl_verify

    boolean

    default: false

    If true, verify the server SSL certificate when policy is redis-cluster.

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2025. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation