How to Use Throttling in Django REST Framework (DRF)
In Django REST Framework, use throttle_classes in your views or globally in settings to limit API request rates. DRF provides built-in throttling classes like AnonRateThrottle and UserRateThrottle that you configure with rate strings such as '5/minute'.
Syntax
Throttling in DRF is set by adding throttle_classes to your API views or viewsets. You specify one or more throttle classes that control request rates. You also define rate limits in your settings.py using DEFAULT_THROTTLE_RATES.
- throttle_classes: List of throttle classes to apply.
- DEFAULT_THROTTLE_RATES: Dictionary mapping throttle class names to rate strings.
- Rate strings format: 'number/period' (e.g., '10/minute').
```python
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
from rest_framework.views import APIView


class MyView(APIView):
    throttle_classes = [AnonRateThrottle, UserRateThrottle]


# In settings.py
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '10/minute',
        'user': '1000/day'
    }
}
```
Example
This example shows a simple API view with throttling enabled for anonymous and authenticated users. Anonymous users can make 3 requests per minute, authenticated users 10 per minute.
```python
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle


class ExampleThrottleView(APIView):
    throttle_classes = [AnonRateThrottle, UserRateThrottle]

    def get(self, request):
        return Response({'message': 'Request successful!'})


# settings.py
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle',
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '3/minute',
        'user': '10/minute'
    }
}
```
Output
{"message": "Request successful!"}
Common Pitfalls
- Not setting DEFAULT_THROTTLE_RATES in settings.py causes throttling to have no effect.
- Forgetting to add throttle_classes to views, or to configure throttle classes globally, leaves throttling disabled.
- Using the wrong rate string format (must be like 'number/period').
- Throttling applies per user or IP; testing with the same client may hit limits quickly.
```python
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.throttling import UserRateThrottle


# Wrong: No throttle_classes set
class NoThrottleView(APIView):
    def get(self, request):
        return Response({'message': 'No throttling'})


# Right: throttle_classes added
class WithThrottleView(APIView):
    throttle_classes = [UserRateThrottle]

    def get(self, request):
        return Response({'message': 'Throttling active'})
```
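The 'number/period' format and the per-user/per-IP behaviour from the pitfalls above can be exercised in isolation with a small stand-alone model. This is an added example, not DRF's code or code from the original page: parse_rate, SlidingWindowThrottle and simulate are hypothetical names, the request timestamps and client keys are constructed, and it assumes a sliding-window check keyed by user ID or IP address.

```python
import time

# Like DRF's rate strings, only the first letter of the period is significant.
PERIOD_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn 'number/period' into (max_requests, window_seconds) or raise ValueError."""
    try:
        num, period = rate.split("/")
        max_requests, window = int(num), PERIOD_SECONDS[period.strip()[0].lower()]
    except (AttributeError, ValueError, KeyError, IndexError):
        raise ValueError(f"bad rate {rate!r}: expected 'number/period'") from None
    if max_requests <= 0:
        raise ValueError(f"bad rate {rate!r}: number must be positive")
    return max_requests, window


class SlidingWindowThrottle:
    """Hypothetical stand-in for a rate throttle: one request history per client."""

    def __init__(self, rate, clock=time.monotonic):
        self.max_requests, self.window = parse_rate(rate)
        self.clock = clock
        self.history = {}  # client key (user id or IP) -> timestamps, newest first

    def allow(self, key):
        """Return (allowed, retry_after_seconds) for one request from `key`."""
        now = self.clock()
        seen = self.history.setdefault(key, [])
        while seen and seen[-1] <= now - self.window:
            seen.pop()  # forget requests that have left the window
        if len(seen) >= self.max_requests:
            # Rejected requests are not recorded; retry when the oldest expires.
            return False, seen[-1] + self.window - now
        seen.insert(0, now)
        return True, 0.0


def simulate(rate, requests):
    """Replay constructed (timestamp, client_key) pairs; return status codes."""
    now = [0.0]
    throttle = SlidingWindowThrottle(rate, clock=lambda: now[0])
    statuses = []
    for timestamp, key in requests:
        now[0] = timestamp
        allowed, _ = throttle.allow(key)
        statuses.append(200 if allowed else 429)  # 429 = Too Many Requests
    return statuses
```

Replaying four requests inside one minute from a single client against '3/minute' gives 200, 200, 200, 429, while a request from a second client at the same moment still gets 200.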
Quick Reference
| Throttle Class | Description | Default Rate Key |
|---|---|---|
| AnonRateThrottle | Limits requests from anonymous users | 'anon' |
| UserRateThrottle | Limits requests from authenticated users | 'user' |
| ScopedRateThrottle | Limits requests per view scope | 'scope' |
| CustomThrottle | User-defined throttle class | Custom key in settings |
Key Takeaways
Add throttle classes to your views or globally in settings to enable throttling.
Set rate limits in settings.py under DEFAULT_THROTTLE_RATES using 'number/period' format.
Use built-in classes like AnonRateThrottle and UserRateThrottle for common cases.
Test throttling carefully as limits apply per user or IP address.
Remember throttling protects your API from too many requests and abuse.