In this article, I’m going to share how to slow down or limit rate of API requests in Express.js. Let’s get started:

Table of Contents

1. Install Package
2. Limit All Routes
3. Limit Certain Route

Install Package

We’ll use express-slow-down package in our application. let’s install this package:

npm install express-slow-down

Limit All Routes

In this example, we’re going to slow down all API routes requests:

const slowDown = require("express-slow-down");
const app = express();

app.enable("trust proxy"); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

const speedLimiter = slowDown({
  windowMs: 20 * 60 * 1000, // 20 minutes
  delayAfter: 70, // allow 70 requests per 20 minutes, then...
  delayMs: 500 // begin adding 500ms of delay per request above 100:
  // request # 71 is delayed by  500ms
  // request # 72 is delayed by 1000ms
  // request # 73 is delayed by 1500ms
  // etc.
});

//  apply to all requests
app.use(speedLimiter);

app.get("/test", (req, res) => {
  // logic
});

app.listen(3000, () => console.log(`App is running`));

Limit Certain Route

We can limit a single route like this:

const rateLimit = require("express-rate-limit");

const testLimiter = rateLimit({
	windowMs: 20 * 60 * 1000, // 20 minutes
	delayAfter: 70, // 70 requests
	delayMs: 500 // adding 500ms delay
});

app.post('/test', testLimiter, (req, res) => {
   // logic
});

app.listen(3000, () => console.log(`App is running`));