API-Level ThrottlingThese are the subscription tiers that you make available to each of your subscribers for a particular API: for example, 20 calls per minute. You pick which of them you make available on the final step of API editing: You can edit these tiers by following these instructions.
Backend Hard-LimitsThat same API configuration page also allows you to set limits across all subscribers of the API - so your backend does not get overloaded by multiple users:
Resource-Level ThrottlingOn the other hand, in some cases, you might want to go more granular and set limits on individual REST resources. Again, you can do this in the lower part of that same configuration screen: These resource-level tiers can be edited as explained here.
Application-Level TiersFinally, API subscribers can also set throttling limits across their applications - this way they can prevent abuse of subscription limits by their individual end-users and applications. These limits can be set in Developer Portal (API Store) on the My Applications tab: Application-level tiers can be edited as explained here.
- Like I mentioned before, these throttling limits have been in the platform for a long time. What is changed now, is us making them all off (or unlimited) by default, so you only get limited by the policies that you explicitly set.
- There is obviously the overall calls per second limit of your API Cloud subscription level.
- If multiple throttling policies apply - the most restrictive wins.