Capping API usage
You can explicitly cap requests in two ways: requests per second per user and requests per day.
Limiting requests per second per user
To prevent individual users from using up your API quota, limit the number of requests per second per user for an API. Each API includes a default per-user limit, but you can modify that value as described in the following section.
Individual users are identified either by their IP address or by a unique string; if you're creating a server-side application (where the calling code is hosted on a server that you own) that makes requests on behalf of users, your requests must include the
userIp parameter or the
quotaUserparameter, as described below.
Note: Although per-user limits are specified in queries per second, we permit short-term usage spikes. Therefore, you should set your limits based on sustained average traffic levels. If anyone tries to use an API in excess of these settings, the requests will trigger a limit exceeded error.
There are two ways to identify a user:
- To identify a user by IP address, include the
userIp=x.x.x.xparameter in your requests, where
x.x.x.xis the IP address of the user for whom the server-side application is making the call.
- If your application doesn't know the user's IP address (for example, if your application runs cron jobs on App Engine on a user's behalf), then use the
quotaUser=userIDparameter. You can choose any arbitrary string under forty characters long that uniquely identifies a user. If you provide both parameters,
These parameters are used for capping requests per user per second; you can't use them for whitelisting. If you don't send the
quotaUserparameters, then all calls are listed as coming directly from the server-side machine itself, in which case calls can't be capped by user.
When sending the user's IP address or other identifier, be sure that you comply with any local laws, including any laws relating to the disclosure of any personal information you send with each request.
Modify the number of requests (available only when billing is enabled)
You can set daily limits to all requests to any billable API. Most APIs set default limits, but you can change that limit up to a maximum specified by Google.
To view or change daily billable limits for your API, do the following:
- Go to the Cloud Platform Console.
- From the projects list, select a project or create a new one.
- If the APIs & services page isn't already open, open the left side menu and select APIs & services.
- Click the name of the API you're interested in.
- Click Quotas.
- On the requests per day or requests per 100 seconds per user line, click the edit icon, then enter the preferred total billable daily quota, up to the limit specified by Google.
Note: You can set daily billable limits only on billable APIs. If your project doesn't use any billable APIs, then you can't set daily limits.