• The API Platform for AI.

      Explore More
      Platform Runtimes
      Kong Gateway
      • Kong Cloud Gateways
      • Kong Ingress Controller
      • Kong Operator
      • Kong Gateway Plugins
      Kong AI Gateway
      Kong Event Gateway
      Kong Mesh
      Platform Core Services
      • Gateway Manager
      • Mesh Manager
      • Service Catalog
      Platform Applications
      • Developer Portal
      • API and AI Analytics
      • API Products
      Development Tools
      Kong Insomnia
      • API Design
      • API Testing and Debugging
      Self-Hosted API Management
      Kong Gateway Enterprise
      Kong Open Source Projects
      • Kong Gateway OSS
      • Kuma
      • Kong Insomnia OSS
      • Kong Community
      Get Started
      • Sign Up for Kong Konnect
      • Documentation
    • Featured
      Open Banking SolutionsMobile Application API DevelopmentBuild a Developer PlatformAPI SecurityAPI GovernanceKafka Event StreamingAI GovernanceAPI Productization
      Industry
      Financial ServicesHealthcareHigher EducationInsuranceManufacturingRetailSoftware & TechnologyTransportation
      Use Case
      API Gateway for IstioBuild on KubernetesDecentralized Load BalancingMonolith to MicroservicesObservabilityPower OpenAI ApplicationsService Mesh ConnectivityZero Trust SecuritySee all Solutions
      Demo

      Learn how to innovate faster while maintaining the highest security standards and customer trust

      Register Now
  • Customers
    • Documentation
      Kong KonnectKong GatewayKong MeshKong AI GatewayKong InsomniaPlugin Hub
      Explore
      BlogLearning CentereBooksReportsDemosCase StudiesVideos
      Events
      API SummitWebinarsUser CallsWorkshopsMeetupsSee All Events
      For Developers
      Get StartedCommunityCertificationTraining
    • Company
      About UsWhy Kong?CareersPress RoomInvestorsContact Us
      Partner
      Kong Partner Program
      Security
      Trust and Compliance
      Support
      Enterprise Support PortalProfessional ServicesDocumentation
      Press Release

      Kong Expands with New Headquarters in Downtown San Francisco

      Read More
  • Pricing
  • Login
  • Get a Demo
  • Start for Free
Blog
  • Engineering
  • Enterprise
  • Learning Center
  • Kong News
  • Product Releases
    • API Gateway
    • Service Mesh
    • Insomnia
    • Kubernetes
    • API Security
    • AI Gateway
  • Home
  • Blog
  • Engineering
  • How to rate limit your requests per consumer groups
Engineering
July 5, 2022
2 min read

How to rate limit your requests per consumer groups

Shlomi Tubul

One of the most common use cases our customers are using Kong for is API rate limiting. There are a few common reasons for doing this:

  1. Performance – How can you make sure your service will respond with the required service level agreement (SLA)?
  2. Security – How can you block attempts to take down your application, such as a distributed denial of service (DDoS)?
  3. Business – What if you want to give a paying customer better/upgraded service than one that doesn’t?

For all those and more, we’re able to easily add this functionality with Kong's rate limit advanced plugin.

The plugin can be applied at different levels such as service, route, specific consumer, or even in a global scope. By having this flexibility, one can set a generic global limit but then still overrule the global limit to allow for a more specific rate limit at a lower level.

However, after working with many of Kong customers, one use case couldn’t be met with the specificity highlighted above. This use case is how can Kong help when customers want to have different rate limits based on an organization, partner, or tenant? The answer is Kong’s feature of “Consumer Groups,” which we’ll expand on below (and is documented here).

Released on 2.7, the Kong API gateway allows you to define limits per consumer groups. This means that one can still use the general RL functionality as mentioned above, but also add specific limits to certain groups. Let’s see how we can make it work.

Add a service

Add a route

Add 2 consumer groups — we will assign different users to different groups later on to test our functionality

As seen above, both John and Sarah have a limit of 1000 RPM as we wanted.

Summary

As we can see, it is very easy to configure Kong to rate limit your traffic with the relevant requirement for your use case — be it security, performance, or business use case.

Topics:Rate Limiting
|
Plugins
Powering the API world

Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

Sign up for Kong newsletter

Platform
Kong KonnectKong GatewayKong AI GatewayKong InsomniaDeveloper PortalGateway ManagerCloud GatewayGet a Demo
Explore More
Open Banking API SolutionsAPI Governance SolutionsIstio API Gateway IntegrationKubernetes API ManagementAPI Gateway: Build vs BuyKong vs PostmanKong vs MuleSoftKong vs Apigee
Documentation
Kong Konnect DocsKong Gateway DocsKong Mesh DocsKong AI GatewayKong Insomnia DocsKong Plugin Hub
Open Source
Kong GatewayKumaInsomniaKong Community
Company
About KongCustomersCareersPressEventsContactPricing
  • Terms•
  • Privacy•
  • Trust and Compliance
  • © Kong Inc. 2025