Rate limiting is a vital concept in web development. It ensures server stability, efficient resource allocation, and protection against malicious attacks. So In this article, we’ll delve into the essence of rate limiting, its importance, various implementation methods, and practical examples to demonstrate its functionality. let’s dive right in ?
Rate limiting is a strategy that is used to control the amount of incoming requests or traffic to a web service or to a server. it helps protect your applications from abuse, ensures fair resource distribution, and maintains service stability.
Here are some of the reasons why you should use rate limiting ??
? I'm not even going to lie because I don't know much about the Token Bucket and Leaky Bucket algorithms, as I haven't needed them for my current projects. However, Fixed Window and Sliding Window are the most common types you'll encounter. For instance, OpenAI's GPT-4 uses Fixed Window rate limiting with tiered limits—their first tier allows 500 requests per minute This approach can lead to burst traffic, as users might hit their limit just before the window resets.
The process typically involves:
Now that you have a basic understanding of rate limiting and how it works, let's get our hands dirty by implementing it in a project we'll be creating.
We'll create two projects demonstrating rate limiting:
Create a folder with any name of your choice and open it on VS code or whatever code editor you use.
Inside that folder you've created, create two more folders called frontend and backend.
After that, cd into the backend folders and enter this command npm init -y to initialize a package.json file
After that install the follow npm packages inside the backend folder ??
npm install express cors express-rate-limit npm install -D nodemon
What these do:
After that, create an index.js (you can this whatever you want) file because we’ll be using it to set up the rate limiter.
After you’ve done copy and paste this code that I am going to explain in a bit
const express = require("express"); const rateLimit = require("express-rate-limit"); const app = express(); // Set up rate limiter: 100 requests per 15 minutes const limiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 5, // Limit each IP to 5 requests per `window` (here, per 15 minutes) message: "Too many requests from this IP, please try again later.", }); // Apply the rate limiting middleware to all requests app.use(limiter); app.get("/api/data", (req, res) => { res.send("Welcome to the API!"); }); app.listen(5000, () => { console.log("Server running on http://localhost:5000"); });
Here's what each part does:
Then:
When users hit your API more than 100 times in 15 minutes from the same IP, they'll get the error message instead of accessing the API.
Now that you know how it works, we want to enable auto-restart by adding to package.json ??
{ "scripts": { "dev": "nodemon index.js" } }
That’s all for the backend.
It’s time to set up the frontend.
npm install express cors express-rate-limit npm install -D nodemon
const express = require("express"); const rateLimit = require("express-rate-limit"); const app = express(); // Set up rate limiter: 100 requests per 15 minutes const limiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 5, // Limit each IP to 5 requests per `window` (here, per 15 minutes) message: "Too many requests from this IP, please try again later.", }); // Apply the rate limiting middleware to all requests app.use(limiter); app.get("/api/data", (req, res) => { res.send("Welcome to the API!"); }); app.listen(5000, () => { console.log("Server running on http://localhost:5000"); });
Here's what's happening:
That’s all about the GET request example. Let’s move on to the next example
For this example, you can decide to comment out the code of the first example and paste this code ??
{ "scripts": { "dev": "nodemon index.js" } }
You can see that most of the code are the same with the first example but here are just some key difference ??
Also paste this code on the frontend as well
npm create vite@latest .
Here, we're simply making a request to the server through a form. Let's look at how this differs from the GET example:
The form allows 5 submissions in 15 minutes - after that, users see the rate limit error message.
Alright guys, congrats on getting to the end of this article ?. I hope you now have an idea on how rate limiting works and why you should use it on your projects especially if you are working on bigger projects that involves money. If you have any questions, feel free to ask in the comment. Happy coding ?
The above is the detailed content of The Basics of Rate Limiting: How It Works and How to Use It. For more information, please follow other related articles on the PHP Chinese website!