Rate limiting with Kong Gateway
Capabilities
Kong Gateway allows you to limit how many HTTP requests can be made in a given period.
Rate limits can be applied to a Gateway Service or individual Routes to protect the upstream API, or to a Consumer to restrict how many times a user can call the API in the specified period.
Kong offers two standard HTTP rate limiting plugins: Rate Limiting or Rate Limiting Advanced plugins in addition to a series specialized AI, Gateway Service, GraphQL, and dynamic rate limiting plugins.
flowchart TD
A{What are you trying
to rate limit?}
A -->|Only Services| B[Service Protection
plugin]
A -->|LLMs| G[AI Rate Limiting
Advanced plugin]
A -->|GraphQL queries| I[GraphQL Rate Limiting
Advanced plugin]
A -->|Routes, Consumers,
or global| C{Do you want to
apply multiple limits
or sliding windows?}
A -->|"Consumers
(developer requests)"| D[Response Rate
Limiting plugin]
C --> |Yes| H[Rate Limiting
Advanced plugin]
C --> |No| F[Rate Limiting
plugin]
click B "/plugins/service-protection/"
click D "/plugins/response-ratelimiting/"
click F "/plugins/rate-limiting/"
click G "/plugins/ai-rate-limiting-advanced/"
click I "/plugins/graphql-rate-limiting-advanced/"
click H "/plugins/rate-limiting-advanced/"
Comparing Rate Limiting with Rate Limiting Advanced
| Rate Limiting | Rate Limiting Advanced | |
|---|---|---|
Rate limit based on consumer, consumer-group, credential, ip and service
|
||
| Basic Redis support | ||
| Redis Sentinel, Cluster + SSL support | ||
| Fixed window rate limits | ||
| Advanced rate limiting algorithms For example: leaky bucket, sliding window. | ||
Enhanced window size configuration
Configure custom intervals beyond standard options like second or minute.
|
||
| Precise counter control Specify whether blocked requests count towards the rate limit calculation. | ||
| Throttle rate limits v3.12+ Allows requests that exceed the rate limit threshold to be delayed and retried, rather than immediately rejected. |
How-to guides
- Rate limit a Consumer with Kong GatewayView →
- Create rate limiting tiers with Kong GatewayView →
- Rate limit a Gateway Service with Kong GatewayView →
- Adjust header names in a requestView →
- Apply multiple rate limits and window sizesView →
- Rate limit requests based on peak and off-peak timeView →
- View More →
