How to Slow Down or Limit API Requests in Express.js

In this article, I’m going to share how to slow down or limit rate of API requests in Express.js. Let’s get started:

Table of Contents

  1. Install Package
  2. Limit All Routes
  3. Limit Certain Route

Install Package

We’ll use express-slow-down package in our application. let’s install this package:

npm install express-slow-down

Limit All Routes

In this example, we’re going to slow down all API routes requests:

app.s
const slowDown = require("express-slow-down");
const app = express();

app.enable("trust proxy"); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

const speedLimiter = slowDown({
  windowMs: 20 * 60 * 1000, // 20 minutes
  delayAfter: 70, // allow 70 requests per 20 minutes, then...
  delayMs: 500 // begin adding 500ms of delay per request above 100:
  // request # 71 is delayed by  500ms
  // request # 72 is delayed by 1000ms
  // request # 73 is delayed by 1500ms
  // etc.
});

//  apply to all requests
app.use(speedLimiter);

app.get("/test", (req, res) => {
  // logic
});

app.listen(3000, () => console.log(`App is running`));

Limit Certain Route

We can limit a single route like this:

app.s
const rateLimit = require("express-rate-limit");

const testLimiter = rateLimit({
	windowMs: 20 * 60 * 1000, // 20 minutes
	delayAfter: 70, // 70 requests
	delayMs: 500 // adding 500ms delay
});

app.post('/test', testLimiter, (req, res) => {
   // logic
});

app.listen(3000, () => console.log(`App is running`));

That’s all. . Thank you.


Software Engineer | Ethical Hacker & Cybersecurity...

Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethichal Hacking.