Konubinix' opinionated web of thoughts

Usage Plan

Fleeting

provisioning paid plans

QoS, API gateway: how to monetize the API, prioritize paid plans and throttle the free ones (rate limiting).

A usage plan specifies who can access one or more deployed API stages and methods—and optionally sets the target request rate to start throttling requests.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html

They suggest using API keys to tell the plans apart, and keeping that dimension orthogonal to the authorization one.

Don’t use API keys for authentication or authorization for your APIs. If you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html

A usage plan defines the number of requests that a client can make to an API within a specified time period. This allows developers to ensure that their APIs can handle the desired level of traffic and avoid being overwhelmed by excessive requests.

https://www.benoitpaul.com/blog/aws/api-gateway-usage-plan-api-key/
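
An added example (not from the AWS documentation or the linked blog post): a simplified Python model of the two points quoted above, namely that a usage plan throttles per API key and that the key must not double as authorization. The plan values, key names, principals, stage names and the authorization-before-metering order are assumptions of this sketch; the token bucket mirrors the algorithm AWS documents for API Gateway throttling.

```python
from dataclasses import dataclass

@dataclass
class UsagePlan:
    rate: float        # steady-state requests per second
    burst: int         # token bucket capacity
    quota: int         # requests allowed per quota period
    stages: frozenset  # API stages covered by the plan

@dataclass
class KeyState:
    plan: UsagePlan
    tokens: float
    last: float
    used: int = 0

class Gateway:
    def __init__(self):
        self.keys = {}    # API key -> KeyState: metering identity only
        self.grants = {}  # principal -> stages it is authorized to call

    def add_key(self, api_key, plan, now=0.0):
        self.keys[api_key] = KeyState(plan, float(plan.burst), now)

    def metered(self, api_key, stage, now):
        """Usage-plan check alone: picks the plan, enforces rate and quota."""
        st = self.keys.get(api_key)
        if st is None or stage not in st.plan.stages:
            return 403
        # Refill the bucket for the elapsed time, capped at the burst size.
        st.tokens = min(st.plan.burst, st.tokens + (now - st.last) * st.plan.rate)
        st.last = now
        if st.used >= st.plan.quota or st.tokens < 1:
            return 429
        st.tokens -= 1
        st.used += 1
        return 200

    def handle(self, principal, api_key, stage, now):
        """Authorization decides access; the API key only selects the plan."""
        if stage not in self.grants.get(principal, frozenset()):
            return 403
        return self.metered(api_key, stage, now)

# Constructed sample plans: both cover the stages of two different APIs.
STAGES = frozenset({"orders/prod", "billing/prod"})
FREE = UsagePlan(rate=1, burst=2, quota=5, stages=STAGES)
PAID = UsagePlan(rate=50, burst=100, quota=100000, stages=STAGES)
```

With only `metered`, a free-plan key reaches `billing/prod` as well as `orders/prod`, because both stages are in the plan; `handle` returns 403 there for a principal granted only `orders/prod`.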
