Terms and definitions


API

An application programming interface (API) is an interface or communication endpoint that defines how software components interact.

Concerning the Airlock Gateway (WAF), we use the term API to denote a set of service endpoints (e.g. a set of REST endpoints).

API key

An API key is a string passed by the Tech-Client (API client) to an API endpoint or API gateway. The key uniquely identifies the Tech-Client and is part of every request.

API Policy Service

The API Policy Service is an Airlock IAM service called by the Airlock Gateway (WAF) to get information about Tech-Clients given an API key.

Plan (API Plan)

An API plan is a template for API access restrictions encompassing access control, rate limit and quota information. A plan is typically assigned to a Tech-Client so that requests sent by the Tech-Client can be checked against the restrictions of the plan.


Quota

A limit on the number of requests during a long time period such as a month or a year. To check a quota, request counters are persisted. Quotas are used for API monetization. Example: 10 m requests/month. For limits over a short period such as seconds, we use the term rate limit.

rate limit

A limit on the number of requests during a short time. A rate limit can be checked at runtime without persistence. It is used to protect against overload and in API monetization.

Example: 10 requests/second.

For limits over a long period such as days or weeks, we use the term quota.


Tech-Client

A technical API client such as a REST client. A Tech-Client is an identity used by a piece of software using a service API. A Tech-Client can be part of another service (e.g. the webserver of a fintech company) or client software operated by the user (e.g. a smartphone app).

Tenant (Airlock Gateway)

A data owner concept in which a user of the Airlock Gateway is limited to tenancy-typical actions and data access. In effect, users with tenant rights are isolated from other tenant users on the Airlock Gateway.

Tenant (Airlock IAM)

Airlock IAM supports two concepts to segregate users: Tenant and Realm.

In the tenant concept, multiple IAM instances share one database schema in order to save costs if database pricing is schema-based.


The act of applying a rate limit (in the Airlock Gateway). Limits the number of requests per second (or another short time period) by rejecting excess requests.