0
0
NestJSframework~10 mins

Rate limiting with throttler in NestJS - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Rate limiting with throttler
Incoming Request
Check Throttler
Requests in Time Window <= Limit?
NoReject Request with 429
Yes
Allow Request to Controller
Update Request Count
Send Response
The throttler checks each request count within a time window. If the count is below the limit, it allows the request and updates the count. Otherwise, it rejects the request.
Execution Sample
NestJS
import { Throttle } from '@nestjs/throttler';
import { Controller, Get } from '@nestjs/common';

@Controller()
export class AppController {
  @Throttle(2, 10)
  @Get('data')
  getData() {
    return 'Hello';
  }
}
This code limits the 'getData' endpoint to 2 requests every 10 seconds per user.
Execution Table
StepRequest NumberTime (s)Requests in WindowCondition (<=2?)ActionResponse
1101YesAllow request'Hello'
2252YesAllow request'Hello'
3373NoReject request429 Too Many Requests
44112YesAllow request'Hello'
55152YesAllow request'Hello'
66163NoReject request429 Too Many Requests
💡 Requests exceeding 2 within 10 seconds are rejected with 429 status.
Variable Tracker
VariableStartAfter 1After 2After 3After 4After 5After 6
requestsInWindow0123 (rejected)223 (rejected)
Key Moments - 2 Insights
Why is the third request rejected even though it is close in time to the first two?
Because the limit is 2 requests per 10 seconds, and at step 3 there are already 2 requests counted within the last 10 seconds, so the third exceeds the limit (see execution_table row 3).
Why does the request count drop back to 2 at step 4?
Because the first request at time 0 is now outside the 10-second window at time 11, so it is no longer counted (see execution_table row 4).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the response for the 3rd request at 7 seconds?
A429 Too Many Requests
B500 Internal Server Error
C'Hello'
DRequest Pending
💡 Hint
Check the 'Response' column at Step 3 in the execution_table.
At which step does the requests count drop because the oldest request leaves the time window?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Look at the 'Requests in Window' column and see when it decreases after being 3.
If the limit was changed to 3 requests per 10 seconds, what would happen at step 6?
ARequest would be rejected
BRequest would be allowed
CRequest count resets to 0
DRequest causes server error
💡 Hint
Compare the 'Requests in Window' at step 6 with the new limit.
Concept Snapshot
Use @Throttle(limit, ttl) decorator on controller methods.
Limit = max requests allowed.
TTL = time window in seconds.
Requests over limit get 429 error.
Throttler tracks requests per user/IP.
Helps protect APIs from overload.
Full Transcript
Rate limiting with throttler in NestJS works by checking each incoming request against a set limit within a time window. The @Throttle decorator sets how many requests are allowed and the time frame. When a request comes in, the throttler counts how many requests have been made recently. If the count is below the limit, the request is allowed and the count updates. If the count is at or above the limit, the request is rejected with a 429 Too Many Requests error. This prevents users from sending too many requests too quickly. The example code limits an endpoint to 2 requests every 10 seconds. The execution table shows requests allowed or rejected based on timing and count. When the oldest request leaves the time window, the count decreases, allowing new requests. This helps keep the server safe and responsive.