Good morning, afternoon or evening, depending on your blessed location.
Today being the third day, I did a lot of things, including drafting database diagrams, rate limiting, converting workflows to code, resolving conflicts and merging pull requests, designing the database model and drafting the workflow together with my colleague.
But I want to share how I implemented rate limiting, and why it is very important and necessary in the development of APIs.
How did I implement rate limiting in my Express.js API?
I installed the express-rate-limit package using npm, then wired it in like this:
const express = require('express');
const rateLimit = require('express-rate-limit'); // import the package
const app = express();
// Define a rate limiter middleware
const limiter = rateLimit({
  windowMs: 1 * 60 * 1000, // 1 minute
  max: 3, // limit each IP to 3 requests per windowMs
  message: 'Too many requests from this IP, please try again later.'
});
// Apply the rate limiter to every route
app.use(limiter);
Easy, right? I just limited the maximum number of requests a client (identified by its IP address) can make to my API to 3 per minute. Once a client exceeds that, it gets the message above instead of the real response until the minute is over. This way I'm controlling the rate at which requests reach my API.
What's the usefulness of all I've written? I can't just write code for writing's sake. This feature I just implemented, how will it add to the development of the app? Find out below.
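To show what windowMs and max actually do behind the scenes, here is an added example (not from the original post, and not the express-rate-limit package itself): a minimal fixed-window limiter with the same per-IP count-and-reset semantics, plus an Express-style middleware around it and a constructed login-burst scenario. The injectable clock, the constructed IPs 10.0.0.7/10.0.0.8 and the simulateLoginBurst helper are assumptions made for the demonstration.

```javascript
// Added example (not from the original post): a minimal fixed-window limiter
// with the same windowMs/max semantics as the express-rate-limit config above,
// written without the package so it runs stand-alone. The clock is injectable
// so the window reset can be exercised without waiting a real minute.
function createFixedWindowLimiter({ windowMs, max, message, now = Date.now }) {
  const hits = new Map(); // key (client IP) -> { count, resetAt }
  function check(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) { // first hit, or the window has expired
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    return { allowed: entry.count <= max, remaining: Math.max(0, max - entry.count),
             retryAfterMs: entry.resetAt - t };
  }

  // Express-style middleware. req.ip is only the real client address when
  // Express's 'trust proxy' setting matches the deployment; behind a load
  // balancer with it unset, every client would share the proxy's IP bucket.
  function middleware(req, res, next) {
    const r = check(req.ip);
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
      return res.status(429).send(message);
    }
    next();
  }
  return { check, middleware };
}

// Constructed scenario: one client sends five login attempts within a minute,
// then one more after the window has passed; a second client is unaffected.
function simulateLoginBurst() {
  let fakeNow = 0;
  const limiter = createFixedWindowLimiter({
    windowMs: 60 * 1000, max: 3, message: 'Too many requests', now: () => fakeNow });
  const decisions = [];
  for (let i = 0; i < 5; i++) {
    fakeNow += 1000; // one attempt per second
    decisions.push(limiter.check('10.0.0.7').allowed);
  }
  fakeNow += 60 * 1000; // wait out the window
  decisions.push(limiter.check('10.0.0.7').allowed);
  return { decisions, otherClient: limiter.check('10.0.0.8').allowed };
}
```

Attempts 4 and 5 are rejected, the first attempt after the minute is allowed again, and the second client's count is kept separately, which is exactly the per-IP behaviour the package config above gives you.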
What is rate limiting and why should I use it in my API?
Let's start with: what is rate limiting? Rate limiting is a technique used in API development to control the number of requests a client or user can make to an API within a specific time frame.
Why should I use it in my API? Here are five reasons:
To prevent abuse or misuse of the API by limiting the number of requests a single client or user can make in a given time period. Imagine a cyber burglar is trying to access a user's information and has to log in. He doesn't have the user's credentials, so he will be tempted to use brute-force attacks: trying all possible combinations of usernames and passwords until the correct one is found. After 3 requests in a minute, the API rejects his further requests for the rest of the minute. If this continues, he will probably grow tired. I know we can't completely protect our APIs from attacks, but we can make our attackers grow tired and withdraw.
To ensure fair usage of the API's resources among all clients or users. Without rate limiting, a single client or user could monopolize the resources, leading to degraded performance for others.
To provide a safeguard against unintentional mistakes or bugs in client applications. For example, if a frontend developer accidentally introduces an infinite loop or sends too many requests due to a bug, rate limiting prevents these errors from causing a flood of requests to the API. It's not my API you will stress.
To prevent request overload, because otherwise the API server or backend services may be overwhelmed by a large number of simultaneous requests.
Lastly, rate limiting enhances scalability. It prevents situations where sudden spikes in traffic or abusive behavior could lead to resource exhaustion and impact the scalability of the entire system.
Make sure to always use rate limiting in your APIs. It's very, very important.
Please reach out to me if need be. I'm open to corrections.
Thanks for your patience.