How to implement rate limiting in Node.js?
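Protecting APIs with rate limiting: capping how many requests each client may send in a time window blunts brute-force login attempts, aggressive scraping, and accidental or deliberate overload.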
What You'll Learn
- Why rate limiting matters
- Implementation methods
- Configuration options
Using express-rate-limit
npm install express-rate-limit
const rateLimit = require('express-rate-limit');

// Length of one counting window, in milliseconds (15 minutes).
const FIFTEEN_MINUTES_MS = 15 * 60 * 1000;

// Basic rate limiter.
// By default express-rate-limit keys its counters on req.ip and keeps them in
// the memory of the current process.
// NOTE(review): behind a reverse proxy or load balancer, req.ip is only the
// real client address when Express's 'trust proxy' setting matches the
// deployment. Left unset, every client shares the proxy's bucket; set too
// permissively, a client-supplied X-Forwarded-For value decides the bucket.
const basicLimiterOptions = {
  windowMs: FIFTEEN_MINUTES_MS,
  max: 100, // each IP may make 100 requests per window
  message: 'Too many requests, please try again later',
  standardHeaders: true, // send the RateLimit-* response headers
  legacyHeaders: false, // do not send the older X-RateLimit-* headers
};
const limiter = rateLimit(basicLimiterOptions);

// Apply to all requests.
// Mount the limiter once: either globally like this, or on a path prefix as in
// the alternative that follows. Mounting the same instance both ways makes a
// request under that prefix count twice.
app.use(limiter);
// Or specific routes
app.use('/api/', limiter);
Different Limits for Routes
// Window lengths in milliseconds.
const ONE_MINUTE_MS = 60 * 1000;
const ONE_HOUR_MS = 60 * ONE_MINUTE_MS;

// Strict limiter for the login endpoint: 5 requests per hour per client IP.
// Every request to the path counts, successful logins included, unless the
// skipSuccessfulRequests option is turned on.
// NOTE(review): an IP-keyed limit alone does not bound guesses against one
// account when attempts arrive from many addresses, and users behind a shared
// address share the same 5 attempts. Pair it with per-account throttling.
const authLimiter = rateLimit({
  message: 'Too many login attempts',
  max: 5,
  windowMs: ONE_HOUR_MS,
});

// Looser limiter for general API traffic: 60 requests per minute.
// It is mounted on '/api/' by the statement that follows this snippet.
const apiLimiter = rateLimit({
  max: 60,
  windowMs: ONE_MINUTE_MS,
});

// app.use() matches every HTTP method and any sub-path of '/auth/login'.
app.use('/auth/login', authLimiter);
app.use('/api/', apiLimiter);
Redis Store (for distributed systems)
const RedisStore = require('rate-limit-redis');
const Redis = require('ioredis');

// Assumes rateLimit has already been required from 'express-rate-limit', as in
// the first snippet.

// With no arguments ioredis connects to 127.0.0.1:6379 without a password.
// NOTE(review): production deployments normally pass the host, credentials and
// TLS settings here, and keep the Redis instance off untrusted networks,
// because anyone who can write to it can reset or inflate the counters.
const client = new Redis();

// Adapter the store uses to run raw Redis commands through the ioredis client.
const forwardToRedis = (...command) => client.call(...command);

// Counters held in Redis are shared by every application instance, so the
// limit applies across the whole deployment rather than per process.
const sharedStore = new RedisStore({
  sendCommand: forwardToRedis,
});

// NOTE(review): decide deliberately whether requests should be allowed or
// rejected while Redis is unreachable, and confirm how the installed
// express-rate-limit version behaves in that case.
const limiter = rateLimit({
  store: sharedStore,
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // 100 requests per window per client
});