How to Slow Down or Limit API Requests in Express.js

Published on June 2, 2020


In this article, I’m going to share how to slow down or limit the rate of API requests in Express.js. Let’s get started:

Table of Contents

  1. Install Package
  2. Limit All Routes
  3. Limit Certain Route

Install Package

We’ll use the express-slow-down package in our application. Let’s install it:

npm install express-slow-down

Limit All Routes

In this example, we’re going to slow down requests to all API routes:

app.js
const express = require("express");
const slowDown = require("express-slow-down");
const app = express();

// only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)
// with this enabled, the client IP comes from X-Forwarded-For, which only a proxy you control should set
app.enable("trust proxy");

const speedLimiter = slowDown({
  windowMs: 20 * 60 * 1000, // 20 minutes
  delayAfter: 70, // allow 70 requests per 20 minutes, then...
  delayMs: 500 // begin adding 500ms of delay per request above 70:
  // request # 71 is delayed by  500ms
  // request # 72 is delayed by 1000ms
  // request # 73 is delayed by 1500ms
  // etc.
});

// apply to all requests
app.use(speedLimiter);

app.get("/test", (req, res) => {
  // logic
});

app.listen(3000, () => console.log(`App is running`));
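
To make the delay schedule in the comments above concrete, here is a dependency-free model of it, added as an illustration and not taken from the article or from express-slow-down's source. The names createSlowDown, delayFor and demo, the injected clock and the sample client addresses are assumptions made for the example.

```javascript
// Added illustration: models the per-client delay schedule described above.
// createSlowDown/delayFor are hypothetical names, not the express-slow-down API.
function createSlowDown({ windowMs, delayAfter, delayMs, now = Date.now }) {
  // key (for example the client IP) -> { count, resetAt }
  // This sketch never evicts idle keys; a production store would expire them.
  const hits = new Map();

  return function delayFor(key) {
    const t = now();
    let entry = hits.get(key);
    // Start a fresh window for a new key or once the previous window expired.
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    // The first `delayAfter` requests pass undelayed; each request beyond
    // that waits `delayMs` longer than the one before it.
    const over = entry.count - delayAfter;
    return over > 0 ? over * delayMs : 0;
  };
}

// Constructed sample run using the article's settings and a fake clock.
function demo() {
  let clock = 0;
  const delayFor = createSlowDown({
    windowMs: 20 * 60 * 1000,
    delayAfter: 70,
    delayMs: 500,
    now: () => clock,
  });
  const delays = [];
  for (let i = 1; i <= 73; i++) delays.push(delayFor("203.0.113.7"));
  const otherClient = delayFor("198.51.100.9"); // counters are per key
  clock += 20 * 60 * 1000; // the 20 minute window has passed
  const afterReset = delayFor("203.0.113.7");
  // last4 holds the delays for requests #70 to #73
  return { last4: delays.slice(-4), otherClient, afterReset };
}

console.log(demo());
```

Because the counter is kept per key, the value used as the key (the client IP in the article's setup) decides which clients share a budget.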

Limit Certain Route

We can limit a single route like this:

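app.js
const express = require("express");
const slowDown = require("express-slow-down");
const app = express();

// delayAfter and delayMs are express-slow-down options, so the limiter is built with slowDown()
const testLimiter = slowDown({
  windowMs: 20 * 60 * 1000, // 20 minutes
  delayAfter: 70, // 70 requests
  delayMs: 500 // adding 500ms delay
});

// apply to this route only
app.post('/test', testLimiter, (req, res) => {
  // logic
});

app.listen(3000, () => console.log(`App is running`));

That’s all. Thank you. 🙂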

Author

Hey, I'm Md Obydullah. I build open-source projects and write on Laravel, Linux server, modern JavaScript and more on web development.

2 Replies to “How to Slow Down or Limit API Requests in Express.js”

    1. Hi Din,

      Example: Suppose we are providing a sports API. We have 3 packages called Silver, Gold, Platinum. We want to set the packages like:

      1. Silver: 1000 API requests/hour. Monthly price: $10.
      2. Gold: 10000 API requests/hour. Monthly price: $100.
      3. Platinum: Unlimited API requests. Monthly price: $250.

      To do this, we need to limit the API requests. There are many reasons to limit or slow down API requests. We can reduce spam, hacking etc. too. I hope you understand. 🙂
