API Development (intermediate)
Add rate limiting to API endpoints
Rate Limiter
Add rate limiting to API endpoints.
Instructions
- Token bucket implementation (in-memory, single process only; the Map grows with every distinct key, so evict idle buckets or cap its size):

```typescript
const rateLimits = new Map<string, { tokens: number; lastRefill: number }>();

// maxTokens is the burst size; refillRate is tokens added per second.
function rateLimit(key: string, maxTokens: number, refillRate: number): boolean {
  const now = Date.now();
  const bucket = rateLimits.get(key) ?? { tokens: maxTokens, lastRefill: now };
  // Refill tokens based on elapsed time
  const elapsed = (now - bucket.lastRefill) / 1000;
  bucket.tokens = Math.min(maxTokens, bucket.tokens + elapsed * refillRate);
  bucket.lastRefill = now;
  if (bucket.tokens < 1) {
    rateLimits.set(key, bucket);
    return false; // rate limited
  }
  bucket.tokens -= 1;
  rateLimits.set(key, bucket);
  return true;
}
```
- Redis-based (for distributed systems; fixed-window counter shared by all instances):

```typescript
import Redis from 'ioredis'; // assumes the ioredis client
const redis = new Redis(process.env.REDIS_URL);
// Caveats: a fixed window lets a client spend one limit just before the boundary and
// another just after; and if EXPIRE fails after the first INCR the key never resets,
// so in production set the TTL atomically (MULTI or a Lua script) instead.
async function rateLimitRedis(key: string, limit: number, windowSec: number): Promise<boolean> {
  const current = await redis.incr(key);
  if (current === 1) await redis.expire(key, windowSec); // first hit starts the window
  return current <= limit;
}
```
- Apply as middleware with proper headers (resetTime is Unix seconds when the window resets):

```typescript
import type { Response, NextFunction } from 'express';
// Called with the limiter's decision for this request
function applyRateLimitHeaders(res: Response, next: NextFunction, allowed: boolean, limit: number, remaining: number, resetTime: number): void {
  // Response headers
  res.setHeader('X-RateLimit-Limit', limit);
  res.setHeader('X-RateLimit-Remaining', Math.max(0, remaining));
  res.setHeader('X-RateLimit-Reset', resetTime);
  // Return 429 Too Many Requests when exceeded
  if (!allowed) { res.setHeader('Retry-After', Math.max(1, resetTime - Math.floor(Date.now() / 1000))); res.status(429).send('Too Many Requests'); return; }
  next();
}
```
Rate Limit Tiers
- Auth endpoints: 5 req/15min per IP
- Public API: 60 req/min per IP
- Authenticated API: 600 req/min per user
- Webhook endpoints: 1000 req/min per source
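The following is an added example, not code from the original skill page: it wires the token bucket, the tier table and the response headers above into one limiter that can be checked with a fake clock. The `Tier`/`Req`/`Res` shapes, the `limitKey` and `applyRateLimit` names, the key layout `tier:scope:id`, and the fail-closed 401 for an identity-scoped tier without an identity are all assumptions of this example.

```typescript
// Added example, not code from the original skill page. It combines the page's
// token bucket, the tier table and the response headers into one testable
// limiter. Type names, Req/Res shapes and the fail-closed 401 are assumptions.

type Scope = 'ip' | 'user' | 'source';
type Tier = { limit: number; windowSec: number; scope: Scope };

// The tiers from the page; the bucket refills at limit/windowSec tokens per second,
// so a full bucket is exactly one window's worth of requests.
const TIERS: Record<string, Tier> = {
  auth:    { limit: 5,    windowSec: 900, scope: 'ip' },     // 5 req / 15 min per IP
  public:  { limit: 60,   windowSec: 60,  scope: 'ip' },     // 60 req / min per IP
  apiUser: { limit: 600,  windowSec: 60,  scope: 'user' },   // 600 req / min per user
  webhook: { limit: 1000, windowSec: 60,  scope: 'source' }, // 1000 req / min per source
};

type Bucket = { tokens: number; lastRefill: number };
type Decision = {
  allowed: boolean;
  limit: number;
  remaining: number;      // whole tokens left after this request
  resetAt: number;        // Unix seconds when the bucket is full again
  retryAfterSec: number;  // seconds until one token is available; 0 when allowed
};

class TokenBucketLimiter {
  private buckets = new Map<string, Bucket>();
  // The clock is injectable so tests can advance time without sleeping.
  constructor(private readonly nowMs: () => number = Date.now) {}

  take(key: string, tier: Tier): Decision {
    const now = this.nowMs();
    const rate = tier.limit / tier.windowSec;
    const b = this.buckets.get(key) ?? { tokens: tier.limit, lastRefill: now };
    b.tokens = Math.min(tier.limit, b.tokens + ((now - b.lastRefill) / 1000) * rate);
    b.lastRefill = now;
    const allowed = b.tokens >= 1;
    if (allowed) b.tokens -= 1;
    this.buckets.set(key, b);
    return {
      allowed,
      limit: tier.limit,
      remaining: Math.floor(b.tokens),
      resetAt: Math.ceil(now / 1000 + (tier.limit - b.tokens) / rate),
      retryAfterSec: allowed ? 0 : Math.ceil((1 - b.tokens) / rate),
    };
  }
}

// Minimal request/response shapes so the example runs without a web framework.
type Req = { ip: string; userId?: string; sourceId?: string };
type Res = { status: number; headers: Record<string, string>; body?: string };

// Bucket key for a tier. `ip` must be the socket peer address or the address set by
// a proxy you operate; a client-controlled X-Forwarded-For would let a caller pick
// its own bucket. Identity-scoped tiers return null when no identity is known.
function limitKey(tierName: string, tier: Tier, req: Req): string | null {
  switch (tier.scope) {
    case 'ip':     return `${tierName}:ip:${req.ip}`;
    case 'user':   return req.userId ? `${tierName}:user:${req.userId}` : null;
    case 'source': return req.sourceId ? `${tierName}:source:${req.sourceId}` : null;
    default:       return null;
  }
}

// Applies one tier to a request: sets the X-RateLimit-* headers on every response,
// answers 429 with Retry-After when the bucket is empty, and fails closed (401)
// when an identity-scoped tier is hit without an identity. Returns true to proceed.
function applyRateLimit(limiter: TokenBucketLimiter, tierName: string, req: Req, res: Res): boolean {
  const tier = TIERS[tierName];
  if (!tier) throw new Error(`unknown rate limit tier: ${tierName}`);
  const key = limitKey(tierName, tier, req);
  if (key === null) { res.status = 401; res.body = 'Unauthorized'; return false; }
  const d = limiter.take(key, tier);
  res.headers['X-RateLimit-Limit'] = String(d.limit);
  res.headers['X-RateLimit-Remaining'] = String(d.remaining);
  res.headers['X-RateLimit-Reset'] = String(d.resetAt);
  if (!d.allowed) {
    res.status = 429;
    res.headers['Retry-After'] = String(d.retryAfterSec);
    res.body = 'Too Many Requests';
    return false;
  }
  return true;
}
```

The state still lives in one process, so behind a load balancer each instance enforces its own copy of the limit; swap `TokenBucketLimiter` for the Redis-backed counter when requests fan out across instances. The limiter sets the `X-RateLimit-*` headers on allowed and denied responses alike, which lets well-behaved clients back off before they are cut off.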