Hi Amogh, Welcome to MS Q&A
I think you can go with the rate-limit-by-key
policy prevents API usage spikes on a per key basis by limiting the call rate to a specified number per a specified time period. The key can have an arbitrary string value and is typically provided using a policy expression. Optional increment condition can be added to specify which requests should be counted towards the limit
In the following example, the rate limit of 3 calls per session
<policies>
<inbound>
<base />
<rate-limit-by-key calls="3"
renewal-period="15"
counter-key="@(context.Request.Headers.GetValueOrDefault("Session-Identifier"))" />
</inbound>
<outbound>
<base />
</outbound>
</policies>
kindly fix the indentation error if any for above policy code
Please check this doc for more ref -->https://learn.microsoft.com/en-us/azure/api-management/rate-limit-by-key-policy
Kindly accept answer if it helps Thanks