Protects against traffic spikes by throttling the number of requests processed by an API proxy. The requests are sent to the backend, thereby protecting against performance lags and downtime.


The properties that have to be configured to use the policy are described below.

Figure 1: Spike Arrest Policy Configuration attributes


Specifies the number of requests that are allowed per second/minute/hour (select from the drop-down) intervals.

IdentifierVariable used for uniquely identifying the application or client. Use Identifier logically with the attribute 'Weight' to throttle requests by specific clients or applications.

Specifies the weighting defined for each message. Message weight is used to modify the impact of a single request on the calculation of the Spike Arrest limit. Message weight can be set by variables based on HTTP Headers, Query Parameters, or Message Body content.



For a Spike Arrest rate of 10 per minute, if an application submitted contains requests with weight 2, then only 5 messages per minute are permitted from that application.


Use Weight logically with Identifier attribute to throttle requests by specific clients or apps.


Click Edit button corresponding to Identifier/Weight to configure the attributes Type, Variable Name and Default Value.

Figure 2: Dialog box to choose Identifier Type

Refer to the Configuring Message Part Identifier section to configure these parameters.


Context Variables provide a way to store temporary data inside a flow so as to use in the subsequent parts of the flow.

Configure the Spike Arrest policy as per the configuration below:

  • Rate: 10/minute
  • Quota Identifier:

    • Variable Name: (ID of the consumer making the request)
    • Default Value: default (any value)
  • Weight:
    • Type: PARAMETER
    • Name: weight (The name of the query parameter which needs to be used as the identifier)
    • Default Value: 2

Figure 3: Spike Arrest policy configured with values as provided in the Example

This Policy configuration works in the following ways:

  • Allows only 5 (Rate/Weight) requests to be processed per minute. If 5 requests are sent in a second, they are divided in the time interval (1 minute) specified. 1 request is processed in every 12 seconds (60 Seconds/5 requests).
  • If more than 5 requests are sent within the time interval specified (1 minute), only 5 requests will be processed in a minute and the extra set of requests (maximum 5 requests) will be processed in the next minute and so on.

The logic applied in example 3 of quota policy for weight differentiation can be applied for spike arrest as well to prioritize client requests when a Verify API Key/Verify Access Token is used before Spike Arrest.

Adaptavist ThemeBuilder EngineAtlassian Confluence