If no monetization rate plan exists for the API product fetched during the proxy call execution,
the product is deemed non-monetized, the MonetizationLimitsCheck policy does not fetch any
further data, and the policy has no effect.
If a rate plan is found but a subscription is not found for the API developer, the
MonetizationLimitsCheck policy raises a fault and blocks the API call.
When you attach the MonetizationLimitsCheck policy to an API proxy, the
mint.limitscheck.* and mint.subscription_* flow variables are populated,
as described in
Debugging the MonetizationLimitsCheck policy and the mint flow variable reference.
A quota defines the number of requests allowed for an API product over a given time period. To
enforce quotas for monetization, it is recommended that you set the quota value when
creating an API product.
Defining a quota value for an API product does not automatically enforce restrictions on the
number of calls that can be made through the API product. You must also add Quota policies to the
API proxies that are referenced by the API product to ensure the quota value defined at the
API product-level is enforced.
Edit the Quota policy to enable the
<UseQuotaConfigInAPIProduct>
element to use the quota configuration defined at the API product-level.
When you attach the Quota policy to an API proxy, the ratelimit.* flow variables are
populated, as described in
Debugging the Quota policy
and the Quota policy
flow variables
reference.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis documentation applies to both Apigee and Apigee hybrid platforms, focusing on enforcing monetization limits within these environments.\u003c/p\u003e\n"],["\u003cp\u003eMonetization in Apigee utilizes the VerifyAPIKey or VerifyAccessToken policies to identify if an incoming request is monetizable based on the active published rate plan.\u003c/p\u003e\n"],["\u003cp\u003eThe MonetizationLimitsCheck policy is used to enforce developer subscriptions to API products, triggering a fault and blocking API calls if a subscription is absent.\u003c/p\u003e\n"],["\u003cp\u003eQuota policies can be attached to API proxies to enforce request limits for API products, with the option to configure quotas at the API product level for greater control.\u003c/p\u003e\n"],["\u003cp\u003eThe Quota policy requires the \u003ccode\u003e<UseQuotaConfigInAPIProduct>\u003c/code\u003e element to utilize the defined API product quota configuration, which will take precedence over any other configured values in the Quota policy itself.\u003c/p\u003e\n"]]],[],null,["# Enforce monetization limits in API proxies\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\n\nThis page describes how to enforce monetization limits by attaching policies to API proxies in a\nmonetized API product.\n\nAdd an authentication policy\n----------------------------\n\n\nApigee monetization uses the\n[VerifyAPIKey\npolicy](/apigee/docs/api-platform/reference/policies/verify-api-key-policy) or the\n[VerifyAccessToken operation of the OAuth2 policy](/apigee/docs/api-platform/reference/policies/oauthv2-policy#verifyingaccesstokens) to\ndetermine if an incoming request is monetizable by checking for the active published rate plan.\n\n\nAttach the policy to the API proxy using the Apigee UI or the API. See\n[Editing an API proxy](/apigee/docs/api-platform/develop/ui-edit-proxy) for\ninformation on editing a proxy.\n\n\nSee also:\n\n- [Attaching a policy to a flow](/apigee/docs/api-platform/develop/attaching-and-configuring-policies-management-ui#attaching-a-policy-to-a-flow)\n- [Verifying access tokens](/apigee/docs/api-platform/security/oauth/using-access-tokens)\n- [Monitoring and debugging the authentication policy](/apigee/docs/api-platform/monetization/debug-trace#auth) using Debug\n\nEnforce developer subscriptions on API products\n-----------------------------------------------\n\n\nAttach the\n[MonetizationLimitsCheck policy](/apigee/docs/api-platform/reference/policies/monetization-limits-check-policy) to API proxies to enforce developer subscriptions on\nthe API product:\n\n- If no monetization rate plan exists for the API product fetched during the proxy call execution, the product is deemed non-monetized, the MonetizationLimitsCheck policy does not fetch any further data, and the policy has no effect.\n- If a rate plan is found but a subscription is not found for the API developer, the MonetizationLimitsCheck policy raises a fault and blocks the API call.\n\n\nWhen you attach the MonetizationLimitsCheck policy to an API proxy, the\n`mint.limitscheck.*` and `mint.subscription_*` flow variables are populated,\nas described in\n[Debugging the MonetizationLimitsCheck policy](/apigee/docs/api-platform/monetization/debug-trace#monetizationlimitscheck) and the [mint](/apigee/docs/api-platform/reference/variables-reference#mint) flow variable reference.\n| **Note** : To prevent specific transactions from getting billed, you can use the **transactionSuccess** monetization variable. For more information about using the **transactionSuccess** variable, see [Monetization variables](/apigee/docs/api-platform/reference/policies/data-capture-policy#mint-var).\n\n\nFor more information, see:\n\n- [Creating an API proxy](/apigee/docs/api-platform/develop/ui-create-proxy#apigee-ui)\n- [Editing an API proxy](/apigee/docs/api-platform/develop/ui-edit-proxy)\n- [Attaching a policy to a flow](/apigee/docs/api-platform/develop/attaching-and-configuring-policies-management-ui#attaching-a-policy-to-a-flow)\n- [Debugging the MonetizationLimitsCheck policy](/apigee/docs/api-platform/monetization/debug-trace#monetizationlimitscheck) using Debug\n- [MonetizationLimitsCheck policy](/apigee/docs/api-platform/reference/policies/monetization-limits-check-policy)\n\nEnforce monetization quotas in API proxies\n------------------------------------------\n\n| **Note:** If you add a quota after the API product has been in use, the quota calculation starts from the next monetized transaction.\n\n\nA quota defines the number of requests allowed for an API product over a given time period. To\nenforce quotas for monetization, it is recommended that you set the quota value when\n[creating an API product](/apigee/docs/api-platform/publish/create-api-products).\n\n\nDefining a quota value for an API product does not automatically enforce restrictions on the\nnumber of calls that can be made through the API product. You must also add Quota policies to the\nAPI proxies that are referenced by the API product to ensure the quota value defined at the\nAPI product-level is enforced.\n\n\nEdit the Quota policy to enable the\n[\\\u003cUseQuotaConfigInAPIProduct\\\u003e](/apigee/docs/api-platform/reference/policies/quota-policy#usequotaconfiginapiproduct)\nelement to use the quota configuration defined at the API product-level.\n\nFor example: \n\n```\n\u003cQuota continueOnError=\"false\" enabled=\"true\" name=\"impose-quota\"\u003e\n \u003cDisplayName\u003eImpose Quota\u003c/DisplayName\u003e\n \u003cUseQuotaConfigInAPIProduct stepName=\"verify-api-key\"\u003e\n \u003cDefaultConfig\u003e\n \u003cAllow\u003e10000\u003c/Allow\u003e\n \u003cInterval\u003e1\u003c/Interval\u003e\n \u003cTimeUnit\u003eweek\u003c/TimeUnit\u003e\n \u003c/DefaultConfig\u003e\n \u003c/UseQuotaConfigInAPIProduct\u003e\n \u003cDistributed\u003etrue\u003c/Distributed\u003e\n \u003cSynchronous\u003etrue\u003c/Synchronous\u003e\n \u003cStartTime\u003e2021-01-01 12:00:00\u003c/StartTime\u003e\n\u003c/Quota\u003e\n```\n| **Notes:**\n|\n| - You can define the default configuration `\u003cDefaultConfig\u003e` to use if the quota configuration is not defined in the API product, but the quota configuration defined at the API product-level takes precedence.\n| - When you add the `\u003cUseQuotaConfigInAPIProduct\u003e` element to the Quota policy, then Apigee ignores any `\u003cAllow\u003e`, `\u003cInterval\u003e`, and `\u003cTimeUnit\u003e` child elements of `\u003cQuota\u003e`.\n\n\nWhen you attach the Quota policy to an API proxy, the `ratelimit.*` flow variables are\npopulated, as described in\n[Debugging the Quota policy](/apigee/docs/api-platform/monetization/debug-trace#quota)\nand the Quota policy\n[flow variables](/apigee/docs/api-platform/reference/policies/quota-policy#variables)\nreference.\n\nFor more information, see:\n\n- [Editing an API proxy](/apigee/docs/api-platform/develop/ui-edit-proxy)\n- [Attaching a policy to a flow](/apigee/docs/api-platform/develop/attaching-and-configuring-policies-management-ui#attaching-a-policy-to-a-flow)\n- [Debugging the Quota policy](/apigee/docs/api-platform/monetization/debug-trace#quota) using Debug\n- [Quota policy](/apigee/docs/api-platform/reference/policies/quota-policy)"]]
