
Rate limiting in Node.js

Introduction

Rate limiting controls how many requests a client can make to a service within a set time window. It stops floods of requests that can slow down or break your app.

Use rate limiting:

To stop users from sending too many requests to your server in a short time.
To protect your app from being overwhelmed by bots or attacks.
To make sure everyone gets fair access to your service.
To avoid extra costs from too many API calls.
To keep your app running smoothly during high traffic.
Syntax
Node.js
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // time window in milliseconds
  max: 100, // max requests per window per IP
  message: 'Too many requests, please try again later.',
});

// app is your existing Express application
app.use(limiter); // apply the limiter to every route

windowMs sets the time frame for counting requests.

max is how many requests are allowed in that time.

Examples
Limits to 10 requests per minute per IP.
Node.js
const limiter = rateLimit({ windowMs: 60000, max: 10 });
Limits to 50 requests per 5 minutes with a custom message.
Node.js
const limiter = rateLimit({ windowMs: 5 * 60 * 1000, max: 50, message: 'Slow down!' });
Applies rate limiting only to routes starting with /api/.
Node.js
app.use('/api/', rateLimit({ windowMs: 60000, max: 20 }));
Sample Program

This simple Express server limits each client IP to 3 requests per minute. Any further requests within that minute get a message telling the client to wait.

Node.js
import express from 'express';
import rateLimit from 'express-rate-limit';

const app = express();

const limiter = rateLimit({
  windowMs: 60000, // 1 minute
  max: 3, // limit each IP to 3 requests per windowMs
  message: 'Too many requests, please wait a minute.',
});

app.use(limiter);

app.get('/', (req, res) => {
  res.send('Hello, world!');
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
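How windowMs and max interact, as an added example that is not part of the original page and is not express-rate-limit's own code: a minimal fixed-window counter keyed by client IP, run with the sample program's settings against a fake clock. The names createFixedWindowLimiter and simulate and the documentation-range IP addresses are assumptions made for illustration.

```javascript
// Added example: minimal fixed-window limiter (hypothetical helper, not library code).
function createFixedWindowLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // key (here: client IP) -> { count, resetAt }

  return function check(key) {
    const t = now();
    // Drop expired entries so idle keys do not accumulate in memory.
    for (const [k, e] of hits) if (t >= e.resetAt) hits.delete(k);

    let entry = hits.get(key);
    if (!entry) {
      // First request from this key in the current window: start counting.
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return {
      allowed,
      status: allowed ? 200 : 429, // 429 = Too Many Requests
      remaining: Math.max(0, max - entry.count),
      retryAfterSec: allowed ? 0 : Math.ceil((entry.resetAt - t) / 1000),
    };
  };
}

// Constructed scenario: windowMs 60000 and max 3, driven by a fake clock.
function simulate() {
  let clock = 0;
  const check = createFixedWindowLimiter({ windowMs: 60000, max: 3, now: () => clock });
  const log = [];
  const hit = (ip) => log.push({ t: clock, ip, ...check(ip) });

  for (let i = 0; i < 4; i++) { hit('203.0.113.5'); clock += 1000; } // 4th exceeds max
  hit('203.0.113.9');   // a different IP has its own counter
  clock = 60000;
  hit('203.0.113.5');   // window has expired, so the count starts again
  return log;
}

for (const r of simulate()) {
  console.log(`${r.t}ms ${r.ip} -> ${r.status} remaining=${r.remaining} retryAfter=${r.retryAfterSec}s`);
}
```

The counter is only as good as its key: when the app runs behind a reverse proxy, Express's `trust proxy` setting has to be configured so that req.ip is the client's address and not the proxy's, otherwise every client shares one counter.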
Important Notes

Rate limiting works best when requests are tracked by the user's IP address.

Adjust windowMs and max to fit your app's needs.

Use custom messages to inform users politely when they hit the limit.

Summary

Rate limiting protects your app from too many requests.

It controls traffic by setting request limits per time window.

It is easy to add to Node.js apps using middleware such as express-rate-limit.