Axe APIRate limiting
Axe API does not provide an internal rate limiter. Nevertheless, we are going to show you an example of how you can add a rate limiter to your application in this section.
- You will learn
- What is rate limiting?
- How to add a rate limiter?
- How to store the rate-limiting data?
Getting started
Rate limiting in REST API refers to the practice of restricting the number of requests a client can make within a specified timeframe. It helps prevent abuse, ensures fair resource allocation, and protects the API server from excessive traffic.
Rate limits are typically defined as a maximum number of requests per minute, hour, or day. When the limit is exceeded, the server responds with a specific HTTP status code (e.g., 429 Too Many Requests), indicating the client has reached the limit.
Rate limiting can be implemented using various techniques such as token bucket, sliding window, or fixed window algorithms. It promotes API stability, mitigates denial-of-service attacks, and ensures equitable access to resources for all clients while maintaining the overall API performance and availability.
In this section, we are going to use the express-rate-limit library as an Express Middleware.
Install dependencies
You can use the following commands in the application root folder;
$ npm install --save express-rate-limitIntegration with Axe API
In the app/v1/init.ts file, you can add the following middleware;
import { Express } from "express";
import RateLimitter from "./Middlewares/RateLimitter";
const onBeforeInit = async (app: Express) => {
app.use(RateLimitter);
};
const onAfterInit = async (app: Express) => {};
export { onBeforeInit, onAfterInit };After that, you can create the following file;
import rateLimit from "express-rate-limit";
export default rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 1, // limit each IP to 100 requests per windowMs
});Storing the data
express-rate-limit library supports many store providers such as Redis, Memcached, or Mongo. You can use any of them easily.
In the following example, we are going to show how you can add Redis support for the rate limiter.
$ npm install --save rate-limit-redisimport RateLimit from "express-rate-limit";
import RedisStore from "rate-limit-redis";
export default new RateLimit({
store: new RedisStore({
// see Configuration
}),
max: 100, // limit each IP to 100 requests per windowMs
delayMs: 0, // disable delaying - full speed until the max limit is reached
});You can review the following store libraries;
Next steps
In this section, we tried to simplify how you can add your rate-limiting features to the API.
In the next section, we are going to show how you can write unit test.