A simple, customizable API Rate Limiter middleware for Node.js and Express.
Supports multiple rate limiting algorithms and is designed to be easy to use, plug-and-play, and beginner-friendly.
- ✅ Multiple Algorithms:
  - Fixed Window
  - Sliding Window
  - Token Bucket
  - Leaky Bucket
- ✅ Plug-and-play middleware
- ✅ Custom key generation (IP / user / headers)
- ✅ Rate limit headers support
- ✅ Lightweight (no external dependencies)
- ✅ Easy configuration
Clone the repository:

```bash
git clone https://github.com/YOUR_USERNAME/api-rate-limiter.git
cd api-rate-limiter
npm install
```

Create a simple Express server:

```js
const express = require("express");
const rateLimiter = require("./index");

const app = express();

// Apply rate limiter
app.use(rateLimiter({
  type: "fixedWindow",
  limit: 5,
  window: 10, // seconds
  headers: true
}));

app.get("/", (req, res) => {
  res.send("Working!");
});

app.listen(3000, () => {
  console.log("Server running on port 3000");
});
```

Run your server:

```bash
node test.js
```

Then send multiple requests:

```bash
curl -i http://localhost:3000
```

After exceeding the limit, you’ll get:

```json
{
  "message": "Too many requests, please try again later."
}
```

When enabled (`headers: true`), responses include:

```
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 2
Retry-After: 5
```

These headers help clients understand usage and retry timing.

| Option | Description | Default |
|---|---|---|
| type | Algorithm type | "tokenBucket" |
| limit | Max requests | 10 |
| window | Time window (seconds) | 60 |
| message | Error message | "Too many requests..." |
| statusCode | HTTP status | 429 |
| headers | Enable headers | true |
| keyGenerator | Custom key function | req.ip |
| store | Custom storage | Memory store |

- Fixed Window
  - Simple and fast
  - Resets after time window
- Sliding Window
  - More accurate than fixed window
  - Prevents burst abuse
- Token Bucket
  - Allows bursts
  - Smooth refill over time
- Leaky Bucket
  - Constant request rate
  - Best for steady traffic

You can rate limit per user instead of IP:

```js
app.use(rateLimiter({
  limit: 5,
  keyGenerator: (req) => req.headers["user-id"]
}));
```

Project structure:

```
API-RateLimiter/
│── algorithms/
│── middleware/
│── store/
│── utils/
│── config/
│── index.js
```

Rate limiting helps prevent abuse and ensures system stability by restricting how many requests a client can make in a given time window.

This project:
- Tracks requests per user/key
- Applies chosen algorithm
- Blocks requests when limit is exceeded

Planned improvements:
- Redis support (for distributed systems)
- API key-based rate limiting
- Dashboard for monitoring
- npm package publishing
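
A note on the per-user `keyGenerator` snippet earlier on this page: the `user-id` header is supplied by the client, so it is not a stable identity, and the key is `undefined` whenever the header is absent. The following is an added example (not the project's code) of a `keyGenerator` that keys on a verified identity and falls back to a normalized client address. It assumes an authentication middleware sets `req.user.id`, and its IPv6 /64 grouping goes beyond the per-user case in the text.

```javascript
// Added example, not the project's code. Assumptions: an authentication
// middleware that runs before the limiter sets req.user.id to a verified
// identity; req.ip is Express's client address (behind a reverse proxy it is
// only the real client when the "trust proxy" setting is configured).

const isIPv4 = (s) =>
  /^\d{1,3}(\.\d{1,3}){3}$/.test(s) && s.split(".").every((o) => Number(o) <= 255);

// First 64 bits of an IPv6 address as four hex groups, or null if malformed.
function ipv6Prefix64(addr) {
  // A dotted-quad tail only covers the low 32 bits, so stand in two zero groups.
  const a = addr.replace(/:\d{1,3}(\.\d{1,3}){3}$/, ":0:0");
  const halves = a.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.slice(0, 4).map((g) => parseInt(g, 16).toString(16)).join(":");
}

// One key per unit a single client controls: an IPv4 address, or an IPv6 /64.
function normalizeIp(ip) {
  if (typeof ip !== "string") return "unknown";
  // Drop any zone id and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).
  const addr = ip.split("%")[0].replace(/^::ffff:(?=\d+\.)/i, "");
  if (isIPv4(addr)) return addr;
  const prefix = ipv6Prefix64(addr);
  return prefix ? `${prefix}::/64` : "unknown"; // unparseable addresses share one bucket
}

// Key on the verified identity when present, otherwise on the client address.
// Client-supplied headers such as "user-id" are never read.
function keyGenerator(req) {
  const id = req.user && req.user.id;
  const idOk = (typeof id === "string" || typeof id === "number") &&
    String(id).length > 0 && String(id).length <= 128;
  // Prefixes keep the user and address key spaces from colliding.
  return idOk ? `user:${id}` : `ip:${normalizeIp(req.ip)}`;
}

// Usage with the middleware from this page:
// app.use(rateLimiter({ limit: 5, keyGenerator }));
```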