Rate limit by consumer usernamev3.15+
Rate limits consumers based on their username.
By default, when identifier is set to consumer, counters are keyed by consumer.id.
Setting counter_key to consumer.username keys the counter by username instead, so consumers with the same username share a single rate limit counter regardless of which control plane processed the request.
This is useful in distributed deployments where consumers with the same username exist across multiple control planes but should be subject to a unified rate limit.
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: rate-limiting-advanced
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
controlPlaneId: Theidof the control plane.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
labels:
global: 'true'
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10
plugin: rate-limiting-advanced
" | kubectl apply -f -Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_rate_limiting_advanced" "my_rate_limiting_advanced" {
enabled = true
config = {
strategy = "cluster"
window_size = [60]
limit = [10]
identifier = "consumer"
counter_key = "consumer.username"
sync_rate = 10
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: rate-limiting-advanced
service: serviceName|Id
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
controlPlaneId: Theidof the control plane. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10
plugin: rate-limiting-advanced
" | kubectl apply -f -Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=rate-limiting-advancedPrerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_rate_limiting_advanced" "my_rate_limiting_advanced" {
enabled = true
config = {
strategy = "cluster"
window_size = [60]
limit = [10]
identifier = "consumer"
counter_key = "consumer.username"
sync_rate = 10
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: rate-limiting-advanced
route: routeName|Id
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
controlPlaneId: Theidof the control plane. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10
plugin: rate-limiting-advanced
" | kubectl apply -f -Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=rate-limiting-advancedkubectl annotate -n kong ingress konghq.com/plugins=rate-limiting-advancedPrerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_rate_limiting_advanced" "my_rate_limiting_advanced" {
enabled = true
config = {
strategy = "cluster"
window_size = [60]
limit = [10]
identifier = "consumer"
counter_key = "consumer.username"
sync_rate = 10
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: rate-limiting-advanced
consumer: consumerName|Id
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumers/{consumerName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
consumerName|Id: Theidornameof the consumer the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumers/{consumerId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
controlPlaneId: Theidof the control plane. -
consumerId: Theidof the consumer the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10
plugin: rate-limiting-advanced
" | kubectl apply -f -Next, apply the KongPlugin resource by annotating the KongConsumer resource:
kubectl annotate -n kong kongconsumer CONSUMER_NAME konghq.com/plugins=rate-limiting-advancedPrerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_rate_limiting_advanced" "my_rate_limiting_advanced" {
enabled = true
config = {
strategy = "cluster"
window_size = [60]
limit = [10]
identifier = "consumer"
counter_key = "consumer.username"
sync_rate = 10
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer = {
id = konnect_gateway_consumer.my_consumer.id
}
}Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: rate-limiting-advanced
consumer_group: consumerGroupName|Id
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/consumer_groups/{consumerGroupName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
consumerGroupName|Id: Theidornameof the consumer group the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/consumer_groups/{consumerGroupId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "rate-limiting-advanced",
"config": {
"strategy": "cluster",
"window_size": [
60
],
"limit": [
10
],
"identifier": "consumer",
"counter_key": "consumer.username",
"sync_rate": 10
},
"tags": []
}
'Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
controlPlaneId: Theidof the control plane. -
consumerGroupId: Theidof the consumer group the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-advanced
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
konghq.com/tags: ''
config:
strategy: cluster
window_size:
- 60
limit:
- 10
identifier: consumer
counter_key: consumer.username
sync_rate: 10
plugin: rate-limiting-advanced
" | kubectl apply -f -Next, apply the KongPlugin resource by annotating the KongConsumerGroup resource:
kubectl annotate -n kong kongconsumergroup CONSUMERGROUP_NAME konghq.com/plugins=rate-limiting-advancedPrerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_rate_limiting_advanced" "my_rate_limiting_advanced" {
enabled = true
config = {
strategy = "cluster"
window_size = [60]
limit = [10]
identifier = "consumer"
counter_key = "consumer.username"
sync_rate = 10
}
tags = []
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
consumer_group = {
id = konnect_gateway_consumer_group.my_consumer_group.id
}
}