JWT claim based rate limiting

Neil_chambers · July 8, 2019, 4:43pm

I have been asked to evaluate kong as a possible api gateway solution specifically with regards to effective rate limiting. In our case, we would like to rate limit individual customers, identified as a claim in a JWT bearer token.
Is this kind of solution supported with one or more existing plugins or would we need to write one ourselves? I followed some links to enterprise documentation but didn’t find what I was looking for. I just need a pointer.

Cheers!

hbagdi · July 9, 2019, 1:11am

You can use the JWT plugin for authentication purposes.

Then use the rate-limiting plugin to limit per consumer that is authentiated:

This is a very common use case for Kong.

Neil_chambers · July 9, 2019, 7:16am

Thanks
My question was a little more specific - will the plugins allow me to use any claim from the JWT authentication token as a basis for rate limiting? In our case the subject of the JWT is not the Consumer.
I’ll read up some more. Thanks again

Mju · June 23, 2022, 4:05pm

is there a way to use any claim in the jwt token as the basis for rate limiting? @Neil_chambers

Topic		Replies	Views
Rate Limiting for consumers validated by API-KEY and JWT Questions	0	191	July 31, 2023
JWT plugin and consumers Questions	3	978	February 9, 2018
Rate limiting per jwt credential	0	387	January 23, 2020
How to enable rate-limit plugin on route "/oauth2/token" Questions	5	526	October 3, 2018
JWT token not issued by Kong - how to map to consumer Questions	2	1089	August 11, 2019

JWT claim based rate limiting

Related Topics