ID Gateway Rate Limiting Admin API (0.1.0)


OpenAPI specification for admin-only rate limiting controls.

This module exposes endpoints to manage allowlist entries and reset rate limit counters. Rate limiting itself is enforced by middleware on public and authenticated endpoints.

Rate Limit Headers:

  • X-RateLimit-Limit: max requests per window
  • X-RateLimit-Remaining: remaining requests in the window
  • X-RateLimit-Reset: Unix timestamp when the window resets
  • Retry-After: seconds until retry (on 429/503 responses)

Rate Limit Errors (non-admin endpoints):

  • 429 rate_limit_exceeded
  • 429 user_rate_limit_exceeded
  • 429 client_rate_limit_exceeded
  • 503 service_unavailable
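A client-side handler for the rate limit headers and error codes listed above, added here as an example; it is not part of the specification or the gateway's own code. It assumes that 429 and 503 bodies carry the same "error" / "error_description" JSON shape that the response samples later on this page use, and the sample headers and body in the main block are constructed.

```python
"""Handle the gateway's rate-limit headers and throttling errors on the client side.

Added example, not part of the API specification. It assumes the 429/503 bodies use the
same {"error": ..., "error_description": ...} shape shown in the response samples.
"""
import json
from dataclasses import dataclass
from typing import Mapping, Optional

# Error codes the spec documents for throttled (non-admin) endpoints, by status.
RATE_LIMIT_ERROR_CODES = {
    429: {"rate_limit_exceeded", "user_rate_limit_exceeded", "client_rate_limit_exceeded"},
    503: {"service_unavailable"},
}


@dataclass
class RateLimitState:
    limit: Optional[int]        # X-RateLimit-Limit: max requests per window
    remaining: Optional[int]    # X-RateLimit-Remaining: requests left in the window
    reset_at: Optional[int]     # X-RateLimit-Reset: Unix timestamp of the window reset
    retry_after: Optional[int]  # Retry-After: seconds to wait (429/503 only)


def _int_header(headers: Mapping[str, str], name: str) -> Optional[int]:
    """Case-insensitive header lookup; a missing or malformed value is treated as absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                return int(value.strip())
            except ValueError:
                return None
    return None


def parse_rate_limit(headers: Mapping[str, str]) -> RateLimitState:
    return RateLimitState(
        limit=_int_header(headers, "X-RateLimit-Limit"),
        remaining=_int_header(headers, "X-RateLimit-Remaining"),
        reset_at=_int_header(headers, "X-RateLimit-Reset"),
        retry_after=_int_header(headers, "Retry-After"),
    )


def seconds_until_retry(status: int, state: RateLimitState, now: float) -> float:
    """Delay a well-behaved client should observe before retrying.

    Retry-After is authoritative when present; otherwise wait for the window reset.
    A request that was not throttled needs no delay.
    """
    if status not in RATE_LIMIT_ERROR_CODES:
        return 0.0
    if state.retry_after is not None:
        return float(max(state.retry_after, 0))
    if state.reset_at is not None:
        return max(0.0, float(state.reset_at) - now)
    return 1.0  # constructed fallback when the gateway sent no timing hint


def throttle_error_code(status: int, body: str) -> Optional[str]:
    """Return the documented error code carried by a 429/503 body, or None when the
    body is not one of the documented throttling errors for that status."""
    allowed = RATE_LIMIT_ERROR_CODES.get(status)
    if not allowed:
        return None
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return None
    code = payload.get("error") if isinstance(payload, dict) else None
    return code if code in allowed else None


def should_preemptively_pause(state: RateLimitState) -> bool:
    """True when the window is already exhausted even though the last response
    succeeded, so the client can pause instead of earning a 429."""
    return state.remaining is not None and state.remaining <= 0


if __name__ == "__main__":
    # Constructed sample: a throttled response as the middleware might return it.
    headers = {"X-RateLimit-Limit": "100", "X-RateLimit-Remaining": "0",
               "X-RateLimit-Reset": "1700000060", "Retry-After": "30"}
    body = '{"error": "user_rate_limit_exceeded", "error_description": "too many requests"}'
    state = parse_rate_limit(headers)
    print(throttle_error_code(429, body), seconds_until_retry(429, state, 1700000000.0))
```

Retry-After wins over X-RateLimit-Reset when both are present, because it is the value the gateway computed for this specific rejection; the reset timestamp is only a fallback. Checking X-RateLimit-Remaining on successful responses lets a client stop before it is throttled rather than after.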

Add an allowlist entry

Adds an IP address or user ID to the rate limit allowlist. Allowlisted identifiers bypass rate limiting until expiry.

Authorizations: adminToken

Request body schema (application/json, required):

  • type (required): string (AllowlistEntryType). Enum: "ip", "user_id". Identifier type for allowlist entries.
  • identifier (required): string. IP address or user ID.
  • reason (required): string. Reason for allowlisting.
  • expires_at: string or null <date-time>. Optional expiry for the allowlist entry.

Request sample (application/json):

{
  "type": "ip",
  "identifier": "192.168.1.100",
  "reason": "Monitoring service",
  "expires_at": "2025-12-31T00:00:00Z"
}

Response sample (application/json):

{
  "allowlisted": true,
  "identifier": "192.168.1.100",
  "expires_at": "2025-12-31T00:00:00Z"
}

Remove an allowlist entry

Removes an IP address or user ID from the allowlist.

Authorizations: adminToken

Request body schema (application/json, required):

  • type (required): string (AllowlistEntryType). Enum: "ip", "user_id". Identifier type for allowlist entries.
  • identifier (required): string. IP address or user ID.

Request sample (application/json):

{
  "type": "ip",
  "identifier": "192.168.1.100"
}

Response sample (application/json, error case):

{
  "error": "bad_request",
  "error_description": "Invalid JSON in request body"
}

List allowlist entries

Returns all active allowlist entries (non-expired).

Authorizations: adminToken

Response sample (application/json):

[
  { ... }
]

Reset rate limit counters

Clears the rate limit counters for a specific identifier. The optional class restricts the reset to a specific endpoint class.

Authorizations: adminToken

Request body schema (application/json, required):

  • type (required): string (AllowlistEntryType). Enum: "ip", "user_id". Identifier type for allowlist entries.
  • identifier (required): string. IP address or user ID.
  • class: string (EndpointClass). Enum: "auth", "sensitive", "read", "write". Endpoint class for rate limiting.

Request sample (application/json):

{
  "type": "ip",
  "identifier": "192.168.1.100",
  "class": "auth"
}

Response sample (application/json, error case):

{
  "error": "bad_request",
  "error_description": "Invalid JSON in request body"
}
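Client-side validation for the three request bodies documented above (add an allowlist entry, remove an allowlist entry, reset rate limit counters), added here as an example; it is not the gateway's own code. It enforces only what the schemas state (required fields, the AllowlistEntryType and EndpointClass enums, an RFC 3339 expiry). The IP-syntax check, the warning for an entry with no expiry and the warning for a reset with no class are this example's own policy, chosen because an unexpired allowlist entry bypasses rate limiting entirely and a classless reset clears every endpoint class.

```python
"""Validate admin request bodies for the allowlist add/remove and counter-reset endpoints.

Added example, not the gateway's own code. Beyond the documented schema it adds an
IP-syntax check and two advisory warnings (no expiry, no class); those are this
example's policy, not the API's.
"""
import ipaddress
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List, Optional

ALLOWLIST_ENTRY_TYPES = ("ip", "user_id")                   # AllowlistEntryType
ENDPOINT_CLASSES = ("auth", "sensitive", "read", "write")   # EndpointClass


class ValidationError(ValueError):
    """Raised for a body the gateway would reject (or one that is unsafe to send)."""


def _require(body: Dict[str, Any], *fields: str) -> None:
    missing = [f for f in fields if f not in body]
    if missing:
        raise ValidationError(f"missing required field(s): {', '.join(missing)}")


def _check_type_and_identifier(body: Dict[str, Any]) -> None:
    if body["type"] not in ALLOWLIST_ENTRY_TYPES:
        raise ValidationError(f"type must be one of {ALLOWLIST_ENTRY_TYPES}")
    ident = body["identifier"]
    if not isinstance(ident, str) or not ident.strip():
        raise ValidationError("identifier must be a non-empty string")
    if body["type"] == "ip":
        # Reject hostnames, CIDR ranges and junk before they reach the allowlist.
        try:
            ipaddress.ip_address(ident)
        except ValueError:
            raise ValidationError(f"identifier is not a valid IP address: {ident!r}") from None


def _parse_datetime(value: Any, field: str) -> datetime:
    if not isinstance(value, str):
        raise ValidationError(f"{field} must be an RFC 3339 date-time string")
    try:
        # fromisoformat() on Python < 3.11 does not accept a trailing 'Z'.
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        raise ValidationError(f"{field} is not a valid RFC 3339 date-time: {value!r}") from None
    if parsed.tzinfo is None:
        raise ValidationError(f"{field} must carry a timezone offset")
    return parsed


def validate_allowlist_add(body: Dict[str, Any], now: Optional[str] = None) -> List[str]:
    """Validate an 'Add an allowlist entry' body. Returns advisory warnings.

    'now' is an optional RFC 3339 string (constructed for testing); defaults to the clock.
    """
    _require(body, "type", "identifier", "reason")
    _check_type_and_identifier(body)
    if not isinstance(body["reason"], str) or not body["reason"].strip():
        raise ValidationError("reason must be a non-empty string; it is the audit record")
    current = _parse_datetime(now, "now") if now else datetime.now(timezone.utc)
    warnings: List[str] = []
    expires_at = body.get("expires_at")
    if expires_at is None:
        # Allowed by the schema, but such an entry bypasses rate limiting until removed.
        warnings.append("no expires_at: entry bypasses rate limiting until explicitly removed")
    elif _parse_datetime(expires_at, "expires_at") <= current:
        raise ValidationError("expires_at is already in the past")
    return warnings


def validate_allowlist_remove(body: Dict[str, Any]) -> List[str]:
    """Validate a 'Remove an allowlist entry' body."""
    _require(body, "type", "identifier")
    _check_type_and_identifier(body)
    return []


def validate_reset_counters(body: Dict[str, Any]) -> List[str]:
    """Validate a 'Reset rate limit counters' body; 'class' is optional."""
    _require(body, "type", "identifier")
    _check_type_and_identifier(body)
    warnings: List[str] = []
    if "class" in body:
        if body["class"] not in ENDPOINT_CLASSES:
            raise ValidationError(f"class must be one of {ENDPOINT_CLASSES}")
    else:
        warnings.append("no class: counters for every endpoint class will be reset")
    return warnings


def problem(validator: Callable[..., List[str]], body: Dict[str, Any], **kw: Any) -> Optional[str]:
    """Run a validator and return its error message, or None when the body is acceptable."""
    try:
        validator(body, **kw)
    except ValidationError as exc:
        return str(exc)
    return None
```

Running the validators before the admin call keeps malformed input from producing the bad_request response shown above and, more importantly, surfaces the two quiet footguns of this API: an entry without expires_at never stops bypassing the limiter, and a reset without class clears every class at once.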

Get quota usage for an API key

Returns the current quota usage for a specific API key (PRD-017 FR-5). Shows usage, limit, remaining requests, and reset time.

Authorizations: adminToken

Path parameters:

  • api_key (required): string <uuid>. API key identifier.

Response sample (application/json):

{
  "api_key_id": "550e8400-e29b-41d4-a716-446655440000",
  "tier": "starter",
  "usage": 450,
  "limit": 1000,
  "remaining": 550,
  "reset_at": "2025-02-01T00:00:00Z"
}

Reset quota for an API key

Resets the quota usage counter for a specific API key to zero (PRD-017 FR-5). Optionally accepts a reason for audit purposes.

Authorizations: adminToken

Path parameters:

  • api_key (required): string <uuid>. API key identifier.

Request body schema (application/json, optional):

  • reason: string, at most 500 characters. Optional reason for resetting the quota (for audit).

Request sample (application/json):

{
  "reason": "Customer support escalation"
}

Response sample (application/json):

{
  "status": "reset"
}

List all API key quotas

Returns quota usage for all registered API keys (PRD-017 FR-5).

Authorizations: adminToken

Response sample (application/json):

[
  { ... },
  { ... }
]

Update quota tier for an API key

Updates the quota tier for a specific API key (PRD-017 FR-5). The new tier's limits take effect immediately.

Authorizations: adminToken

Path parameters:

  • api_key (required): string <uuid>. API key identifier.

Request body schema (application/json, required):

  • tier (required): string (QuotaTier). Enum: "free", "starter", "business", "enterprise". API quota tier determining monthly request limits.

Request sample (application/json):

{
  "tier": "business"
}

Response sample (application/json):

{
  "status": "updated",
  "tier": "business"
}