
What is API rate limiting?

Understanding rate limiting in APIs.

What You'll Learn

  • What rate limiting is
  • Why it's important
  • Implementation strategies

What is Rate Limiting?

Rate limiting restricts the number of API requests a client can make within a time window.

Why Rate Limit?

  • Prevent abuse and DDoS attacks
  • Ensure fair usage
  • Protect server resources
  • Control costs

Common Strategies

1. Fixed Window

100 requests per minute
Resets at the start of each minute

2. Sliding Window

100 requests in any 60-second window
More accurate but complex

3. Token Bucket

Tokens added at fixed rate
Each request consumes a token
Allows bursts when bucket is full
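
The three strategies above as minimal in-memory limiters for a single client, run against the same traffic to show why the sliding window is described as more accurate. This is an added example, not code from the original page; the function names and the traffic pattern are constructed for illustration, and time is passed in as a millisecond value so the result is deterministic.

```javascript
// Added example: one limiter per strategy, tracking a single client in memory.
// Each limiter is a function (nowMs) => true if the request is allowed.
function fixedWindow(limit, windowMs) {
  let windowStart = -Infinity, count = 0;
  return (now) => {
    const start = Math.floor(now / windowMs) * windowMs; // aligned window start
    if (start !== windowStart) { windowStart = start; count = 0; } // counter resets
    if (count >= limit) return false;
    count++;
    return true;
  };
}

function slidingWindow(limit, windowMs) {
  let stamps = []; // timestamps of accepted requests
  return (now) => {
    stamps = stamps.filter((t) => t > now - windowMs); // keep the last windowMs only
    if (stamps.length >= limit) return false;
    stamps.push(now);
    return true;
  };
}

function tokenBucket(capacity, refillPerSec) {
  let tokens = capacity, last = null;
  return (now) => {
    const elapsedSec = last === null ? 0 : (now - last) / 1000;
    tokens = Math.min(capacity, tokens + elapsedSec * refillPerSec); // refill, capped
    last = now;
    if (tokens < 1) return false;
    tokens -= 1; // each request consumes one token
    return true;
  };
}

// Constructed traffic: 100 requests at t=59.9s, then 100 more at t=60.1s.
function acceptedAcrossBoundary(allow) {
  let accepted = 0;
  for (const t of [59900, 60100]) {
    for (let i = 0; i < 100; i++) if (allow(t)) accepted++;
  }
  return accepted;
}

console.log('fixed window  :', acceptedAcrossBoundary(fixedWindow(100, 60000)));
console.log('sliding window:', acceptedAcrossBoundary(slidingWindow(100, 60000)));
console.log('token bucket  :', acceptedAcrossBoundary(tokenBucket(100, 100 / 60)));
```

The fixed window admits twice its limit within 200 ms because the counter resets at the minute boundary, while the sliding window and the token bucket hold the client to 100.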

Implementation (Express)

const express = require('express');
const rateLimit = require('express-rate-limit');

const app = express();

// Allow each client 100 requests per 15-minute window
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // 100 requests per window
  message: { error: 'Too many requests, try again later' },
  standardHeaders: true, // Send standardized RateLimit-* response headers
});

// Apply the limiter to every route under /api/
app.use('/api/', limiter);

Response Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1234567890