I am looking at the API manager to provide both public (as in free) and licensed (as in paid access) to our API's. The difference is that the public API's would be throttled and the licensed accounts would have unlimited, or un-throttled, access.
In setting up and testing a public API, I set the authentication type to none (since existing users of our API do not currently specify something akin to an api_key). I can access the API through the API manager (localhost:9100/......) but it does not throttle. I have even set the UNLIMITED SLA to 1 request/minute but I still get unlimited access to the API from a browser. However, if I use an authentication type of apiKey, and add an api_key to a query, I get throttled access even using the UNLIMITED SLA which is set to 1 request/minute. So I know the SLA and hence throttling, work. However, I cannot find a way to throttle public API's (those with an authentication type of 'none'). To complicate matters, I can only have TRY OUT and UNLIMITED SLA's if I have an authentication type of 'none' (hence my changing the requests for UNLIMITED) so I can't use a new SLA.
1. Can I even throttle APIs with an authentication type of 'none'?
2. Does anyone have any suggestions on how to implement this architecture (throttled public or free and un-throttled licensed or paid)?