With step 1 to 5, you now have set up the following configuration:

The PrivateEchoAPI can now be consumed by Spring Corp.. To calls from Spring Corp. the Gold rate limiting will be applied. It needs to supply an API Key to be able to consume the PrivateEchoAPI.

Now, you are going to test if your API is accessible.

Testing API Access and Policy Functionality

Open the details page of client Spring Corp. and go to tab Contracts.

Click Try .

The test UI opens in a new browser tab.
Refer to the Swagger homepage for more information about the functions of the Swagger UI.

At the top of the page, the Base URL and the link to the API definition are displayed.

Expand the displayed operations to start testing.

Open the GET /HelloWorld method.

Click Execute to test the GET request.

As displayed in section Curl, the API Key is provided correctly with the cURL call.

In the Response body section, you can see the actual response of the service. The call returned the string Hello World! along with the current timestamp.

Now you know that the PrivateEchoAPI is invokable. Next, you are going to test if the Rate Limiting Policy is applied correctly.

As configured in tutorial step 2, clients using plan Gold should be able to execute 20 requests per minute.

Click Execute more than 20 times in succession.

In section Server response an error is displayed:

  • message: "Rate limit exceeded."
  • headers:
    • X-RateLimit-Limit: shows the number of allowed requests
    • X-RateLimit-Limit-Remaining: shows the number of remaining requests, in our test case the value should be negative.

The API can be consumed as intended.

Follow Our Example User Story

You now can inform David that the API is published and ready to use.

Consuming the API

Follow Our Example User Story

David Stringer wants to test the API from the customer's perspective.

To consume the API, the customer Spring Corp. would access it via its client in the Developer Portal.

Open the Developer Portal and go to tab My Clients.


Click API Documentation.

  • In the test UI, execute some GET and POST requests.
  • Then switch back to My Clients.

  • Open tab Policies in your client.

You are testing with your personal client and API Key. Therefore, each test decreases the rate limit that is set by the rate limiting policy.

  • Check that your testing had an impact on the displayed rate limit.

The policy display is loaded initially when you open the tab. If you want to refresh the display, you need to reload the browser window.



Congratulations - you have done it!

You have created your own private API and tested it.

On this Page:

Related Pages:
Related Documentation:


  • No labels