DEV Community

Atharva_404


Unkey: Rate limiting made super easy and How I used it

The 0: Why?

Hey lads, as you might know, with the rise in online users and the emergence of SaaS, it is important to implement authentication in your application to prevent users from misusing or depleting your resources and stopping your services from working.

Authentication comes in many forms. One of the most widely used and safest is OTP-based authentication, which works by sending the user an OTP (one-time password) that they can use to enter your website, perform password resets and whatnot.

But what if someone misuses your authentication to spam OTPs and bring down your SMTP server?

This is where rate limiting comes into the picture. Unkey is one of the easiest ways to implement it and safeguard your API routes.

The 0.5: Unkey's entry

Unkey Landing Page

Unkey, as they say:

Redefined API management for developers. Quickly add API keys, rate limiting, and usage analytics to your API at any scale.

PS: it is open source

The 1.0: My project and Unkey's Rate Limiting

Recently I made an entire authentication backend (can be found here) which provides plug-and-play functionality, with features like sign-in/up, password resets, verification mails as well as welcome mails.

I was looking for a solution to rate-limit my endpoints since I'm using the free tier of Mailtrap to send emails. While researching, I came across Unkey's Rate Limiting feature (doc here), and was amazed by how easy it was to implement in my pre-existing project.

Here's how I did it, and how you can do it too!

Implementing Rate Limiting using Unkey:

I have two routes that I want to rate-limit which are as follows:

  • Sign-up (without Unkey): As shown below I am sending an OTP to verify the user on Sign Up.

sign up no unkey

  • Password Reset Email (without Unkey): If a user forgets or decides to reset their password, I have a separate route.

reset no unkey

Before starting with Unkey, don't forget to install their package, which supports TypeScript, by running:

npm install @unkey/ratelimit

Create a root key from https://app.unkey.com/settings/root-keys/new with the following permissions:

ratelimit permission

And don't forget to copy your key to .env since it will only be shown once.

Copy key

Unkey requires you to define a Rate Limit config, which lets you set fine-grained rate limiting rules and definitions.

Here is the config I am using:

rate limit config

And this was the hardest part, yes really! Unkey is this easy.

Now you can rate-limit any of your APIs with whichever identifier you want. Here's how I used it to rate-limit users based on their emails to prevent them from flooding my SMTP server.

  • Sign-in with Rate Limiting from Unkey:

sign in ratelimit

  • Reset Password mail with Rate Limiting from Unkey:

reset password unkey
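The email-keyed limiting described above, as an added example that is not the author's code: the address is canonicalised before it is used as the identifier, the limiter is checked before any mail is sent, and a limiter failure blocks the send. `FixedWindowLimiter`, `guardOtpSend`, `emailIdentifier`, the `sendOtp` callback and the limits are assumptions made so the example runs offline, and the per-IP bucket goes beyond the per-email limit in the post.

```javascript
// Added example. FixedWindowLimiter is a local stand-in (assumption) for a hosted limiter.
class FixedWindowLimiter {
  constructor({ max, windowMs, now = Date.now }) {
    Object.assign(this, { max, windowMs, now, buckets: new Map() });
  }
  // Resolves to { success, remaining, reset } for one identifier.
  async limit(identifier) {
    const t = this.now();
    let b = this.buckets.get(identifier);
    if (!b || t >= b.reset) {
      b = { count: 0, reset: t + this.windowMs }; // start a fresh window
      this.buckets.set(identifier, b);
    }
    b.count += 1;
    return { success: b.count <= this.max, remaining: Math.max(0, this.max - b.count), reset: b.reset };
  }
}

// Canonicalise so "User@Example.com " and "user@example.com" share one bucket.
const emailIdentifier = (email) => String(email).trim().toLowerCase();

// Check both buckets before any mail goes out; sendOtp is a hypothetical mailer callback.
async function guardOtpSend({ email, ip }, limiters, sendOtp) {
  const to = emailIdentifier(email);
  let checks;
  try {
    checks = await Promise.all([limiters.perEmail.limit(`email:${to}`), limiters.perIp.limit(`ip:${ip}`)]);
  } catch (err) {
    return { status: 503, sent: false }; // fail closed: limiter down means no mail
  }
  const blocked = checks.find((c) => !c.success);
  if (blocked) return { status: 429, sent: false, retryAt: blocked.reset };
  await sendOtp(to);
  return { status: 200, sent: true };
}

// Constructed demo: 2 OTP mails per address and 5 per IP in each 60 s window.
async function demo() {
  let clock = 0; // fake clock in ms so the run is deterministic
  const mk = (max) => new FixedWindowLimiter({ max, windowMs: 60000, now: () => clock });
  const limiters = { perEmail: mk(2), perIp: mk(5) };
  const outbox = [], statuses = [];
  const attempt = async (email) => statuses.push((await guardOtpSend(
    { email, ip: "203.0.113.7" }, limiters, async (to) => outbox.push(to))).status);
  for (const e of ["a@example.com", "A@Example.com ", "a@example.com"]) await attempt(e);
  clock = 60000; // the window has expired, so the address is allowed again
  await attempt("a@example.com");
  return { statuses, outbox };
}
```

Any limiter object with an async `limit(identifier)` method that resolves to a result carrying a `success` flag can be passed in place of the stand-in.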

Rate Limiting in Action:

Here I am testing my backend using Postman to check if the rate limiting is working:



Analytics
You know what is even better? Unkey also gave me analytics, which I can view on their dashboard after you create the key.

Ratelimit dashboard

The 2.0: Conclusion

Unkey is one of, if not the best, ways to protect and rate-limit your APIs, and what's better is that it is open source, compared to other services. Their source code can be found here.
I would highly recommend this to anyone who is looking to safeguard their APIs without much hassle and with full transparency.
