Konubinix' opinionated web of thoughts

Usage Plan


provisioning paid plans

QoS, API gateway: how to monetize the API, prioritize paid plans and throttle the free ones; rate limiting.

A usage plan specifies who can access one or more deployed API stages and methods—and optionally sets the target request rate to start throttling requests.


They suggest using API keys to distinguish the plans, and keeping that dimension orthogonal to the authorization one.

Don’t use API keys for authentication or authorization for your APIs. If you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool.


A usage plan defines the number of requests that a client can make to an API within a specified time period. This allows developers to ensure that their APIs can handle the desired level of traffic and avoid being overwhelmed by excessive requests.
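
The separation described above, as an added example (a simplified Python model, not AWS code and not part of the original notes): the API key only selects a usage plan and its token-bucket throttle, while a separate grant table decides authorization. `Gateway`, `UsagePlan`, the key, the stage names and the principal are all constructed for illustration, and the order of the checks is a choice of this model.

```python
from dataclasses import dataclass, field


@dataclass
class UsagePlan:
    stages: set      # API stages covered by this plan
    rate: float      # steady-state requests per second
    burst: int       # token-bucket capacity
    tokens: float = field(init=False)
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst)

    def allow(self, now: float) -> bool:
        # Refill according to elapsed time, then spend one token per request.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    def __init__(self, key_only: bool):
        # key_only=True models the anti-pattern: the API key is the only gate.
        self.key_only = key_only
        # Constructed sample data: one key, one plan covering two APIs.
        self.plans = {
            "key-free-123": UsagePlan({"orders/prod", "billing/prod"}, rate=1, burst=2)
        }
        # Authorization lives in its own table (stands in for IAM, a Lambda
        # authorizer or a Cognito user pool).
        self.grants = {"alice": {"orders/prod"}}

    def handle(self, stage: str, api_key: str, principal: str, now: float) -> int:
        plan = self.plans.get(api_key)
        if plan is None or stage not in plan.stages:
            return 403  # unknown key, or stage not in the key's plan
        if not self.key_only and stage not in self.grants.get(principal, set()):
            return 403  # valid key, but the principal is not authorized
        return 200 if plan.allow(now) else 429  # throttled by the plan
```

With `key_only=True`, the key issued for `orders/prod` also reaches `billing/prod` because both stages share the plan; with the separate authorization check the same request is refused, and the throttle behaves identically in both modes.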

