api-rate-limit-express
@rtorcato/api-rate-limit-express is the Express adapter for
api-rate-limit. It applies a sliding-window limit per client
and responds 429 when the limit is exceeded.
Install
pnpm add @rtorcato/api-rate-limit @rtorcato/api-rate-limit-express express
express is a peer dependency — you bring your own version.
Usage
import { rateLimitMiddleware } from '@rtorcato/api-rate-limit-express'
app.use(rateLimitMiddleware({
requests: 100, // max requests per key
windowMs: 60_000, // sliding window: 1 minute
}))
Keys on the client IP via X-Forwarded-For. When the limit is exceeded it responds
429 with the standard error envelope { error: 'TooManyRequestsError', code: 'too_many_requests', message } from api-errors.
Per-route limits
Apply a tighter limit to specific routes instead of globally:
const authLimiter = rateLimitMiddleware({ requests: 10, windowMs: 60_000 })
app.use('/auth', authLimiter)
Related
- api-rate-limit — framework-agnostic core (limits, sliding window, limitations)
- api-rate-limit-hono — the Hono adapter