api-rate-limit-express

@rtorcato/api-rate-limit-express is the Express adapter for api-rate-limit. It applies a sliding-window limit per client and responds 429 when the limit is exceeded.

Install

pnpm add @rtorcato/api-rate-limit @rtorcato/api-rate-limit-express express

express is a peer dependency — you bring your own version.

Usage

import express from 'express'
import { rateLimitMiddleware } from '@rtorcato/api-rate-limit-express'

const app = express()

app.use(rateLimitMiddleware({
  requests: 100, // max requests per key
  windowMs: 60_000, // sliding window: 1 minute
}))

The middleware keys on the client IP taken from the X-Forwarded-For header. When the limit is exceeded, it responds 429 with the standard error envelope { error: 'TooManyRequestsError', code: 'too_many_requests', message } from api-errors.
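
X-Forwarded-For is a request header, so only the entries appended by proxies you operate are trustworthy as a limiter key. The following added example (not the package's code; `createSlidingWindow`, `clientKey` and `trustedHops` are assumed names, and the addresses are constructed) implements a sliding-window counter and compares keying on the leftmost entry with keying on the entry appended by one trusted proxy.

```javascript
// Added example; names are hypothetical and this is not the package's implementation.
// Sliding-window log: remember the timestamps of accepted requests per key.
function createSlidingWindow({ requests, windowMs }) {
  const hits = new Map() // key -> accepted timestamps in ms, oldest first
  return function allow(key, now = Date.now()) {
    const cutoff = now - windowMs
    const recent = (hits.get(key) || []).filter((t) => t > cutoff)
    const allowed = recent.length < requests
    if (allowed) recent.push(now)
    hits.set(key, recent)
    return allowed
  }
}

// Derive the limiter key from X-Forwarded-For.
// trustedHops (assumed parameter) = number of proxies you operate in front of the app.
// Each of them appends the address it saw, so the client is the Nth entry from
// the right; everything further left was supplied by the client itself.
function clientKey(xff, socketAddr, trustedHops) {
  if (trustedHops <= 0 || !xff) return socketAddr
  const chain = xff.split(',').map((s) => s.trim()).filter(Boolean)
  const idx = chain.length - trustedHops
  // Header shorter than the proxy chain: fall back to the socket peer.
  return idx >= 0 ? chain[idx] : socketAddr
}

// Constructed traffic: one client (203.0.113.7) behind one proxy (10.0.0.5),
// sending a different leftmost X-Forwarded-For value on every request.
function compareKeying() {
  const opts = { requests: 3, windowMs: 60_000 }
  const byLeftmost = createSlidingWindow(opts)
  const byTrustedHop = createSlidingWindow(opts)
  const allowed = { leftmost: 0, trustedHop: 0 }
  for (let i = 0; i < 10; i++) {
    const xff = `198.51.100.${i}, 203.0.113.7`
    const now = 1_000 + i * 100
    if (byLeftmost(xff.split(',')[0].trim(), now)) allowed.leftmost++
    if (byTrustedHop(clientKey(xff, '10.0.0.5', 1), now)) allowed.trustedHop++
  }
  return allowed // leftmost: 10, trustedHop: 3
}

console.log(compareKeying())
```

When deploying the middleware, check which X-Forwarded-For entry it reads and make sure your edge proxy overwrites or appends to the header so that entry is one you control.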

Per-route limits

Apply a tighter limit to specific routes instead of globally:

const authLimiter = rateLimitMiddleware({ requests: 10, windowMs: 60_000 })
app.use('/auth', authLimiter)