Overview

This endpoint showcases KrakenD’s rate limiting capabilities at both the endpoint (router) and backend (proxy) levels while aggregating data from multiple sources.

HTTP Method: GET
Endpoint: /shop

What It Demonstrates

  • Multi-level Rate Limiting: Implements rate limits at both router and proxy levels
  • Data Aggregation: Combines campaigns and products data
  • Backend Rate Limiting: Protects individual backend services from overload
  • Endpoint Rate Limiting: Controls overall request rate to the endpoint

Request Example

curl http://localhost:8080/shop

Expected Response

{
  "campaigns": [
    {
      "id": 1,
      "name": "Summer Sale",
      "discount": 20,
      "start_date": "2026-06-01",
      "end_date": "2026-08-31"
    },
    {
      "id": 2,
      "name": "Black Friday",
      "discount": 50,
      "start_date": "2026-11-25",
      "end_date": "2026-11-27"
    }
  ],
  "products": [
    {
      "id": 101,
      "name": "Laptop",
      "price": 999.99,
      "category": "Electronics"
    },
    {
      "id": 102,
      "name": "Headphones",
      "price": 79.99,
      "category": "Electronics"
    }
  ]
}

Rate Limiting Behavior

When rate limits are exceeded, KrakenD returns:

Status Code: 429 Too Many Requests

{
  "error": "rate limit exceeded"
}

Backend Services Called

1. Campaigns Service

  • Host: http://fake_api (inherited from global config)
  • URL Pattern: /shop/campaigns.json
  • Allowed Fields: campaigns
  • Rate Limit: None (uses endpoint-level limit)

2. Products Service

  • Host: http://fake_api (inherited from global config)
  • URL Pattern: /shop/products.json
  • Allowed Fields: products
  • Backend Rate Limit: 1 request per second, capacity of 1

KrakenD Configuration

{
  "@comment": "Feature: Aggregation + backend rate limiting + endpoint rate limiting",
  "endpoint": "/shop",
  "backend": [
    {
      "url_pattern": "/shop/campaigns.json",
      "allow": ["campaigns"]
    },
    {
      "url_pattern": "/shop/products.json",
      "allow": ["products"],
      "extra_config": {
        "qos/ratelimit/proxy": {
          "max_rate": 1,
          "capacity": 1
        }
      }
    }
  ],
  "extra_config": {
    "qos/ratelimit/router": {
      "max_rate": 2
    }
  }
}

Key Configuration Options

Endpoint-Level Rate Limiting (qos/ratelimit/router)

{
  "qos/ratelimit/router": {
    "max_rate": 2
  }
}

  • Purpose: Limits requests to the entire /shop endpoint
  • Max Rate: 2 requests per second
  • Scope: Applied before backend calls are made
  • Use Case: Protects your infrastructure from overall load

Backend-Level Rate Limiting (qos/ratelimit/proxy)

{
  "qos/ratelimit/proxy": {
    "max_rate": 1,
    "capacity": 1
  }
}

  • Purpose: Limits requests to the products backend service
  • Max Rate: 1 request per second
  • Capacity: 1 (token bucket capacity)
  • Scope: Applied only to the products backend
  • Use Case: Protects specific backend services with strict rate limits

Rate Limit Tiers

With this configuration:
  1. Overall endpoint limit: 2 req/sec (router level)
  2. Products backend limit: 1 req/sec (proxy level)
  3. Campaigns backend: No specific limit (controlled by endpoint limit)

Token Bucket Algorithm

KrakenD uses the token bucket algorithm for rate limiting:
  • max_rate: Tokens added per second
  • capacity: Maximum tokens that can accumulate
  • Behavior: Allows bursts up to capacity, then enforces steady rate
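
A simplified model of the two tiers configured above, written for this page as an added example and not taken from KrakenD's source: one bucket for the router limit and one for the products proxy limit, fed with request arrival times in seconds. It assumes the router bucket's capacity equals its max_rate because the configuration sets no capacity there; Bucket, Simulate and the result labels are hypothetical names.

```go
package main

import "fmt"

// Bucket is a simplified token bucket: it refills at Rate tokens per second
// up to Capacity and spends one token per admitted request.
type Bucket struct{ Rate, Capacity, tokens, last float64 }

// NewBucket returns a bucket that starts full.
func NewBucket(rate, capacity float64) *Bucket {
	return &Bucket{Rate: rate, Capacity: capacity, tokens: capacity}
}

// Allow reports whether a request arriving at time now (seconds) is admitted.
func (b *Bucket) Allow(now float64) bool {
	b.tokens += (now - b.last) * b.Rate
	if b.tokens > b.Capacity {
		b.tokens = b.Capacity
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Simulate checks each arrival against the router bucket first; the products
// proxy bucket is consulted only for requests the router admits.
func Simulate(arrivals []float64) []string {
	router := NewBucket(2, 2) // max_rate 2; capacity 2 is an assumption
	proxy := NewBucket(1, 1)  // max_rate 1, capacity 1 (products backend)
	out := make([]string, 0, len(arrivals))
	for _, now := range arrivals {
		switch {
		case !router.Allow(now):
			out = append(out, "router-limited") // rejected at the endpoint
		case !proxy.Allow(now):
			out = append(out, "products-limited") // products call refused
		default:
			out = append(out, "ok")
		}
	}
	return out
}

func main() {
	// Constructed input: five back-to-back requests, then one a second later.
	fmt.Println(Simulate([]float64{0, 0, 0, 0, 0, 1}))
}
```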

Use Cases

  • E-commerce API gateways
  • Protecting legacy backend systems
  • Implementing tiered rate limits
  • Preventing backend overload
  • Cost control for pay-per-request APIs
  • Quality of Service (QoS) enforcement

Testing Rate Limits

Test the rate limiting behavior:

# Send multiple requests rapidly
for i in {1..5}; do
  curl -w "\nStatus: %{http_code}\n" http://localhost:8080/shop
  sleep 0.3
done

Expected behavior:
  • First 2 requests succeed (200 OK)
  • Subsequent requests return 429 (Too Many Requests)
  • After waiting 1 second, requests succeed again