

Express.js - Rate Limiting


What is Rate Limiting?

Rate limiting is a technique used to limit the number of API requests a client can make within a given period of time.

Why Do We Use Rate Limiting?

We use rate limiting to protect servers and ensure fair use of our application or API.

  • Prevent Abuse & Attacks: Stops users from sending too many requests in a short time. Helps protect servers from malicious actors trying to overload them.
  • Protect Server Resources: Avoids overloading your server with too many requests at once.
  • Ensure Fair Usage: Prevents one user from flooding the server while others wait.
  • Improve API Performance: Prevents excessive traffic from slowing down API response times.
  • Reduce Costs: Cloud services often charge based on usage. Limiting requests helps you stay within budget.

Install Dependencies

Install the dependencies using the command below.

npm install express express-rate-limit

Setting up Express.js Server

index.js
const express = require('express');
const rateLimit = require('express-rate-limit');

const app = express();

// Apply rate limiting to all requests: each IP can make up to 30 requests per 1-minute window
const limiter = rateLimit({
    windowMs: 1 * 60 * 1000, // 1 minute
    max: 30, // Limit each IP to 30 requests per minute.
    message: 'Too many requests, please try again later.',
});
  
app.use(limiter);   // Apply to all routes

// Define routes
app.get('/', (req, res) => {
    res.status(200).json({ message: "Welcome to the API server." });
});

const PORT = 5000;

app.listen(PORT, () => {
    console.log(`Server is running at http://localhost:${PORT}`);
});

Run the Server

Run the server using the command below.

node index.js
D:\my-app>node index.js
Server is running at http://localhost:5000

Output

Before Rate Limiting

The server responds normally when the request limit has not been exceeded. Users can access the endpoint without any restriction.


After Rate Limiting

Once the maximum number of requests is reached, the server blocks further requests from that client until the window resets. It responds with HTTP status 429 (Too Many Requests) and the configured message.
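To show what the windowMs and max settings above actually count, here is an added example (not part of the original tutorial and not express-rate-limit's own code) of a dependency-free fixed-window limiter with the same semantics. The names createFixedWindowLimiter and simulate, the injectable now clock, and the stub request/response objects are assumptions made for illustration.

```javascript
// Added example: fixed-window limiter with the same windowMs / max semantics
// as the configuration above. All names here are hypothetical.
function createFixedWindowLimiter({ windowMs, max, message, now = Date.now }) {
  // key (client IP) -> { count, resetAt }. Expired entries are replaced on the
  // key's next request but never pruned; a production store would evict them.
  const hits = new Map();

  return function limiter(req, res, next) {
    const key = req.ip;
    const t = now();
    let entry = hits.get(key);

    // Open a fresh window on first sight of the key or once the old one expires.
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;

    if (entry.count > max) {
      // Over the limit: tell the client how long until the window resets.
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 429;
      res.end(message);
      return;
    }
    next();
  };
}

// Constructed driver: pushes n requests from one IP through the limiter using
// stub req/res objects and returns the status code of each response.
function simulate(limiter, ip, n) {
  const statuses = [];
  for (let i = 0; i < n; i++) {
    const res = {
      statusCode: 200,
      headers: {},
      setHeader(name, value) { this.headers[name] = value; },
      end() {},
    };
    limiter({ ip }, res, () => {});
    statuses.push(res.statusCode);
  }
  return statuses;
}
```

Because the counter is keyed on req.ip, every client behind the same reverse proxy shares one bucket unless Express's trust proxy setting is configured so that req.ip reflects the real client address.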
