Cost Control
Apiway provides budget guards for both sides of the API equation — protecting producer infrastructure from overconsumption and consumer budgets from runaway costs.
Two Sides of Cost Control
Section titled “Two Sides of Cost Control”| Guard | Protects | Limits |
|---|---|---|
| Producer RU Metering | Backend infrastructure | More usage = more revenue, but limited by capacity |
| Consumer Cost Guard | Financial exposure | More usage = more cost, limited by budget |
Producer Side — RU Quota
Section titled “Producer Side — RU Quota”Protects your backend from being overwhelmed by a single consumer. Each subscription has an RU quota enforced at the gateway.
When a subscription hits its quota:
- Soft alert — At the configured threshold (e.g., 80%), a governance event fires. The consumer is notified. Calls continue.
- Hard stop — At 100%, the gateway returns
402 Payment Required. Calls are blocked until the next billing period or quota is increased. - SLA upgrade — After 3+ breaches in 30 days, Apiway recommends a higher SLA tier.
Consumer Side — Consumption Budget Guard
Section titled “Consumer Side — Consumption Budget Guard”Protects your budget from runaway outbound calls to consumed APIs. A deployment bug on a Friday evening should cost the daily budget — not the quarterly forecast.
Configuration
Section titled “Configuration”Each consumed API subscription can have a budget ceiling:
| Field | Description |
|---|---|
ConsumptionBudget | Maximum spend in the billing period |
ConsumptionBudgetPeriod | Budget reset cycle (Daily, Monthly, etc.) |
ConsumptionBudgetAlertThreshold | Percentage for soft warning |
ConsumptionBudgetEnforceHardStop | Whether to block calls at ceiling |
Response Headers
Section titled “Response Headers”| Header | Description |
|---|---|
X-Budget-Limit | Budget ceiling |
X-Budget-Remaining | Remaining budget |
X-Budget-Period | Budget period |
Dependency Budget Check
Section titled “Dependency Budget Check”For APIs that call other APIs (the aggregator pattern), the gateway performs a pre-flight budget check on dependencies before forwarding the request:
- Check the dependency’s rate limit headroom
- Check the dependency’s RU budget headroom
- If either is insufficient, fail the request early — before consuming the caller’s resources
This prevents cascading failures where a downstream budget exhaustion wastes upstream resources.
Rate Limiting
Section titled “Rate Limiting”Independent of RU metering, the gateway enforces per-subscription rate limits:
| Header | Description |
|---|---|
RateLimit-Limit | Maximum requests per window |
RateLimit-Remaining | Requests remaining |
RateLimit-Reset | Seconds until the window resets |
Retry-After | Seconds to wait (on 429 response) |
Rate limits use a fixed-window algorithm with in-memory tracking for minimal latency.
Governance Integration
Section titled “Governance Integration”All budget and rate limit events trigger governance flows:
| Event | Response |
|---|---|
| Rate limit breached | Informational — logged and reported |
| Budget threshold reached | Notification — consumer alerted |
| Budget exhausted | Hard stop — calls blocked |
| SLA upgrade recommended | Recommendation — governance flow initiated |