Global
rate limiting
API
for distributed applications

Start rate limiting user actions with a couple of lines.
Protect your applications from abuse and ensure high availability for all users.

Works everywhere - our API can be used with any language and framework
Flexible - rate limit by your internal metadata, like account/user ID per operation
Highly available - deployed across multiple regions, low latency, high availability
Real-time events - see rate limit requests as they happen

example.ts

import { RateLimit } from '@rlimit/http';

const rlimit = new RateLimit({ 
  namespace: 'example', 
  maximum: 100,
  interval: '1m'
});

const { ok } = await rlimit.check('user:123');

if (!ok) {
  throw new Error('rate limited');
}

Features

Rate limiting with batteries included

Keeping a rate limiting count in an in-memory database is one way to go, but we made it durable and global.
No matter where your users are, and for how long you need to keep track of their usage, we have you covered.

Multi regional

Our infrastructure is distributed across multiple regions, offering high availability and low latency from all over the world.

Global replication

We use conflict-free replication of all rate limit counter writes to ensure your rate limiting counters are consistent across all regions.

Durable storage

All rate limiting counters are stored on a fast and durable storage, ensuring your rate limits are always available from anywhere.

Analytics & Events

Dashboard with insights into your rate limiting usage. Real-time stream of rate limit events, allowing debugging with ease.

Webhooks

Integrate with your existing infrastructure using webhooks. Get notified when a rate limit is reached.

Integrations

Integrate with any language or framework. We maintain official libraries for many popular languages and frameworks.

Examples

Integrate with any application stack

Check out following examples in multiple languages and frameworks.
Just copy, paste, and start protecting your application from overuse.

1
// GET rlimit.com anywhere in your code
2

3
const namespace = "example" // your rlimit.com namespace ID
4
const rate = "1/5s" // allow 1 request every 5 seconds
5
const identifier = "user:123" // user ID, IP address, etc
6

7
const limit = await fetch(`https://rlimit.com/${namespace}/${rate}/${identifier}`)
8
if (!limit.ok) {
9
  throw new Error('rate limited');
10
}
11

12
// continue processing the request

1
import { RateLimit } from '@rlimit/http';
2

3
const rlimit = new RateLimit({ 
4
  namespace: 'example', 
5
  maximum: 100, 
6
  interval: '1m' 
7
});
8

9
const limit = await rlimit.check('user:123'); // => 100/1m
10
if (!limit.ok) {
11
  throw new Error('rate limited');
12
}
13

14
// optionally, override the default maximum and interval
15
const limit = rlimit.check('superuser:42', { 
16
  maximum: 500,
17
  // interval?: custom
18
}); // => 500/1m

1
import express from 'express';
2
import { rateLimit } from 'express-rate-limit'
3
import { Store } from '@rlimit/storage';
4

5
const app = express();
6

7
let rlimit = rateLimit({
8
  // limit IP address to 3 requests every 5 seconds
9
  limit: 3, 
10
  windowMs: 5_000,
11
  store: new Store({
12
    namespace: 'example', // your rlimit.com namespace ID
13
  })
14
})
15

16
app.use(rlimit)
17
app.get('/', async (req, res) => {
18
  res.send('Hello World!')
19
});
20

21
app.listen(3000, () => {
22
  console.log("Express application started");
23
});

1
import { RateLimit } from "npm:@rlimit/http";
2

3
// initialize rlimit.com client with your namespace ID and default settings
4
const ratelimit = new RateLimit({ namespace: "example", maximum: 5, interval: "10s" });
5

6
// increase count & check result for given identifier
7
const limit = await ratelimit.check("user:123");
8

9
console.info(limit);
10

11
if (!limit.ok) {
12
  throw new Error("rate limited!");
13
}
14

15
// continue with some logic

# GET rlimit.com/:namespace/:max/:interval/:identifier

# 1 request per 1h is allowed
curl -X GET --fail "https://rlimit.com/example/1/1h/my-script"
=> { "ok": true, "status": 200, "remaining": 0 }

# more requests within 1h will fail and script exits
curl -X GET --fail "https://rlimit.com/example/1/1h/my-script"
=> curl: (22) The requested URL returned error: 429

1
// middleware.ts
2
export const rateLimitMiddleware: MiddlewareHandler = async (c, next) => {
3
  // read accountId from request path
4
  const accountId = c.req.param("accountId")
5

6
  // limit $accountId to 100 requests every 1h
7
  const limit = await fetch(`https://rlimit.com/example/100/1h/${accountId}`)
8
  if (!limit.ok) {
9
      return c.text("too many requests", 429)
10
  }
11

12
  await next()
13
}        
14

15
// router.ts
16
app.get("/api/:accountId/expensive-operation", rateLimitMiddleware, myHandler);

1
import requests
2

3
identifier = "user:123" # user ID, IP address, etc
4

5
# limit "ip-address-or-user-id" to 100 requests every 1h
6
limit = requests.get("https://rlimit.com/example/100/1h/" + identifier)
7

8
if not limit.ok:
9
    # rate limited
10
    # for example, reject request
11
    pass

Pricing

Pricing plans for teams of all sizes

A plan for every size — from a hobby project to enterprise.
Free tier available, no credit card needed. No hard limits, no hidden fees, and support in every paid plan.

Pay as you go

$5/month

+ $0.25 / 100k requests

The essentials to get you started.

5M requests included
Up to 1k RPS
Up to 24h intervals
Global write replication
Basic analytics

Try it for free

Business

Enterprise

No overage fees.

For businesses with high volume traffic and advanced needs.

Unmetered requests
Unlimited RPS
Up to 90d intervals
Global write replication
Dedicated support
Subnamespacing
Logging
Advanced analytics
Multi-user account
Webhooks

Pricing is exclusive of taxes and additional local tax may be collected.

Free tier

Free tier available, no credit card needed. Up to 10k requests per day.

FAQs

Frequently Asked Questions

How is it different from just using Redis?

What is the API latency?

Why is rlimit.com designed for application layer?

Where is rlimit.com hosted?

What are webhooks and how can I use them?

Is rlimit.com production ready?

Global rate limiting API for distributed applications