How to Slow Down or Limit API Requests in Express.js

Published on June 2, 2020 43 sec read

In this article, I’m going to share how to slow down or limit rate of API requests in Express.js. Let’s get started:

Table of Contents

  1. Install Package
  2. Limit All Routes
  3. Limit Certain Route

Install Package

We’ll use express-slow-down package in our application. let’s install this package:

npm install express-slow-down

Limit All Routes

In this example, we’re going to slow down all API routes requests:

const slowDown = require("express-slow-down");
const app = express();
app.enable("trust proxy"); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)
const speedLimiter = slowDown({
  windowMs: 20 * 60 * 1000, // 20 minutes
  delayAfter: 70, // allow 70 requests per 20 minutes, then...
  delayMs: 500 // begin adding 500ms of delay per request above 100:
  // request # 71 is delayed by  500ms
  // request # 72 is delayed by 1000ms
  // request # 73 is delayed by 1500ms
  // etc.
//  apply to all requests

app.get("/test", (req, res) => {
  // logic

app.listen(3000, () => console.log(`App is running`));

Limit Certain Route

We can limit a single route like this:

const rateLimit = require("express-rate-limit");

const testLimiter = rateLimit({
	windowMs: 20 * 60 * 1000, // 20 minutes
	delayAfter: 70, // 70 requests
	delayMs: 500 // adding 500ms delay
});'/test', testLimiter, (req, res) => {
   // logic

app.listen(3000, () => console.log(`App is running`));
That’s all. . Thank you. 🙂

Monthly Newsletter

One email a month, packed with the latest tutorials, delivered straight to your inbox.
We'll never send any spam or promotional emails.

Hey, I'm Md Obydullah. I build open-source projects and write article on Laravel, Linux server, modern JavaScript and more on web development.


2 Replies to “How to Slow Down or Limit API Requests in…”

    1. Hi Din,

      Example: Suppose, we are providing sports API. We have 3 packages called Silver, Gold, Platinum. We want to set the packages like:

      1. Silver: 1000 API requests/hour.Monthly price: $10.
      2. Gold: 10000 API requests/hour. Monthly price: $100.
      3. Platinum: Unlimited API requests. Monthly price: $250.

      To do this, we need to limit the API requests. There are many reasons to limit or slow down API requests. We can reduce spam, hacking etc. too. I hope you understand. 🙂

Leave a Reply