SLA Tiers
- Although you can define SLA tiers per API, as a best practice the SLA definitions should be homogeneous across all APIs or across defined groups of APIs.
- Define SLA tiers for each API to enforce the approval workflow and access limits (limit the number of requests an application can make to the API).
- The names and values of the tiers should be standard across all APIs, following a naming convention.

Tier Name | Approval | Limits (example) |
---|---|---|
Basic | Auto | 100 requests / hour |
Gold | Manual | 100 requests / minute |
Platinum | Manual | 100 requests / second |
- The limits are purely descriptive and should be enforced by using policies. Enforce the SLA tiers with SLA-based policies such as rate-limiting and throttling.
For more information: https://docs.mulesoft.com/api-manager/defining-sla-tiers
API Policies
- The policies should be applied homogeneously across all environments
- Apply at least one of the following security-related policies:
  - Client ID enforcement
  - Open ID token enforcement (OAuth2)
- Apply an SLA rate-limiting policy defining the limits based on the Performance Testing results for each API implementation
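
One way to check an API inventory against the tier and policy guidance above, as an added example that is not MuleSoft's or this page's own code. The inventory layout, the policy identifiers and the `audit` function are assumptions made for the example.

```python
# Added example: the inventory layout and policy identifiers are constructed
# for illustration; this is not an Anypoint Platform export format or API.
STANDARD_TIERS = {
    "Basic": ("Auto", "100 requests / hour"),
    "Gold": ("Manual", "100 requests / minute"),
    "Platinum": ("Manual", "100 requests / second"),
}
SECURITY_POLICIES = {"client-id-enforcement", "openid-token-enforcement"}
SLA_POLICY = "sla-rate-limiting"

def audit(inventory):
    """Return a sorted list of (api, environment, finding) tuples."""
    findings = []
    for api, definition in inventory.items():
        # Tier names, approval mode and limits must match the shared standard.
        tiers = definition["tiers"]
        for name in sorted(set(tiers) | set(STANDARD_TIERS)):
            if name not in STANDARD_TIERS:
                findings.append((api, "*", f"non-standard tier '{name}'"))
            elif name not in tiers:
                findings.append((api, "*", f"missing tier '{name}'"))
            elif tuple(tiers[name]) != STANDARD_TIERS[name]:
                findings.append((api, "*", f"tier '{name}' deviates from standard"))
        envs = {env: set(p) for env, p in definition["policies"].items()}
        for env, applied in envs.items():
            if not applied & SECURITY_POLICIES:
                findings.append((api, env, "no security policy applied"))
            if SLA_POLICY not in applied:
                findings.append((api, env, "tiers not enforced by an SLA policy"))
        # The same policy set should be applied in every environment.
        if len({frozenset(p) for p in envs.values()}) > 1:
            findings.append((api, "*", "policies differ between environments"))
    return sorted(findings)

# Constructed sample inventory: one compliant API, one with several deviations.
GOOD = ["client-id-enforcement", "sla-rate-limiting"]
SAMPLE = {
    "orders-api": {"tiers": dict(STANDARD_TIERS),
                   "policies": {"dev": list(GOOD), "prod": list(GOOD)}},
    "billing-api": {
        "tiers": {"Basic": ("Auto", "100 requests / hour"),
                  "Gold": ("Auto", "100 requests / minute"),
                  "Silver": ("Manual", "10 requests / second")},
        "policies": {"dev": ["sla-rate-limiting"], "prod": ["client-id-enforcement"]},
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

An environment that defines tiers without the SLA policy is reported separately from one that lacks a security policy, because the first leaves the limits unenforced and the second leaves callers unidentified.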
API Alerts
- Although you can define alerts per API, as a best practice the alert definitions should be homogeneous across all APIs or across defined groups of APIs.
- See: Notifications and Alerts#APIAlerts
Analytics
- Use the default dashboard to see API consumption parameters
- Create a custom dashboard with custom charts if needed