DEV Community

Timi

Secure your Nodejs REST API By using Rate Limiting

Introduction

Rate limiting is a technique used to control the number of requests that a client can make to an API within a given period of time. This can be used to protect your API from being overloaded by malicious traffic or to prevent individual users from making too many requests and impacting the performance of your API for other users.

In this blog post, we will show you how to implement rate limiting in your Node.js API using the Express framework. We will use the express-rate-limit package to do this, which is a popular and well-maintained library for rate limiting in Node.js.

Prerequisites

Before you start, you will need to have the following installed:

  • Node.js
  • The Express framework
  • The express-rate-limit package

Setting up the rate limiter

The first step is to install the express-rate-limit package. You can do this by running the following command in your terminal:

```shell
npm install express-rate-limit
```

Once you have installed the package, you can create a new Express application. In your application's main file, you will need to require the express-rate-limit package and create a new rate limiter instance. The following code shows how to do this:

```javascript
const express = require("express");
const rateLimit = require("express-rate-limit");

const app = express();

// Allow at most 10 requests per client within each 60-second window.
const limiter = rateLimit({
  max: 10,            // maximum requests per window
  windowMs: 60 * 1000, // window length in milliseconds (60 s)
});
```

The max property specifies the maximum number of requests that a client can make within the specified window of time. The windowMs property specifies the length of the window in milliseconds.

Applying the rate limiter

Once you have created a rate limiter instance, you can apply it to your Express routes: pass it as middleware to an individual route, or apply it to every route with the use() method. The following code shows how to apply the rate limiter to a route that returns a list of users:

```javascript
// The limiter runs before the handler; requests over the limit never reach it.
app.get("/users", limiter, (req, res) => {
  // Get a list of users
  res.send(["John Doe", "Jane Doe"]);
});

// Start the server (port 3000 is just an example; use any free port).
app.listen(3000);
```

When a client makes a request to this route, the rate limiter checks whether that client (identified by IP address by default) has exceeded the maximum number of requests for the current window. If the client has exceeded the limit, the rate limiter returns an error response instead of calling the route handler; by default this is HTTP 429 Too Many Requests.

Testing the rate limiter

You can test the rate limiter by making a number of requests to the /users route. If you make more than 10 requests within a 60-second window, you will start to receive error responses from the rate limiter.
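To make the fixed-window behaviour concrete, here is an added example (my own code, not express-rate-limit's) of a limiter with the same max and windowMs options and the same 429 outcome, plus a small simulator that replays the test above (11+ requests inside one window) against a fake clock. The client IP and the stub response object are constructed for the simulation.

```javascript
// Added example (not express-rate-limit's own code): a fixed-window limiter
// with the same options (max, windowMs) and the same 429 outcome.
const TOO_MANY_REQUESTS = 429;

function createRateLimiter({ max = 10, windowMs = 60 * 1000, now = Date.now } = {}) {
  const hits = new Map(); // client key -> { count, resetAt }; single-process only
  // Count one request for `key` and decide whether it is still within the limit.
  function hit(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // start a fresh window
      hits.set(key, entry);
    }
    entry.count += 1;
    return {
      allowed: entry.count <= max,
      remaining: Math.max(0, max - entry.count),
      retryAfterSec: Math.ceil((entry.resetAt - t) / 1000),
    };
  }
  // Express-style middleware, keyed on req.ip like the library's default.
  function middleware(req, res, next) {
    const r = hit(req.ip);
    res.setHeader("RateLimit-Limit", String(max));
    res.setHeader("RateLimit-Remaining", String(r.remaining));
    if (!r.allowed) {
      res.setHeader("Retry-After", String(r.retryAfterSec));
      return res.status(TOO_MANY_REQUESTS).send("Too many requests, please try again later.");
    }
    return next();
  }
  return { hit, middleware };
}

// Simulate n requests from one client (constructed IP) against a fake clock and a
// stub res; returns the status each request gets (200 = reached the route).
function simulate(n, { stepMs = 0, ...opts } = {}) {
  let clock = 0;
  const limiter = createRateLimiter({ ...opts, now: () => clock });
  const statuses = [];
  for (let i = 0; i < n; i++) {
    clock += stepMs;
    let status = 200;
    const res = { setHeader() {}, status(c) { status = c; return this; }, send() {} };
    limiter.middleware({ ip: "203.0.113.7" }, res, () => {});
    statuses.push(status);
  }
  return statuses;
}
```

The in-memory Map only counts requests seen by one Node process, so behind a load balancer or cluster each instance enforces its own limit; the real library supports shared stores for that case.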

Conclusion

In this blog post, we have shown you how to implement rate limiting in your Node.js API using the Express framework. We used the express-rate-limit package to do this, which is a popular and well-maintained library for rate limiting in Node.js.

I hope this blog post was helpful. If you have any questions, please feel free to leave a comment below.
