Introduction to Quotas and Governance

Moesif’s Governance Rules feature allows you to automatically enforce quotas or restrict access to your APIs based on user behavior or specific account conditions, such as a user having no pre-paid credits left for a monetized API. Governance rules can help your company adopt a robust API governance policy that complements business growth and improves user experiences through proper regulation and feature optimization.

Governance rules work by interacting with the Moesif SDK or plugin to block or modify the response on the fly, or both.

Governance SDK interaction

For governance rules to work, you only need to install a Moesif SDK or governance-compatible plugin and have Moesif fully integrated with your APIs. This includes user and company tracking, depending on the rules you require. A governance rule can make decisions from not only API requests, but you can add governance rules based on any customer demographics or behavior that Moesif can track—for example, blocking customers with overdue invoices or adding paywalls to your API.

Use Cases and Benefits

Moesif’s governance rules allow you to enforce various policies and business logic for different scenarios. They can help you maintain sustainable growth and improve your business model by extending quotas and governance from a business level to complement the engineering-level governance that most API gateways and management platforms provide.

The following examples illustrate some common use cases that companies leverage governance rules for:

  • If you monetize your API with a prepaid billing model, you can create a governance rule to block customers once they run out of credits or have a negative account balance.
  • Enforce various security and business policies to protect your API, such as blocking bad actors from scraping an abnormally large amount of data.
  • Leverage governance rules to add custom HTTP headers. For example, deprecation warning headers when your customers access an older version of your API.
  • Implement various subscription policies according to your business model. For example, it automatically grants and revokes access for different subscription tiers, enforces quotas and limits for users of different tiers, and so on.