Global
rate limiting
API
for distributed applications

Start rate limiting user actions with a couple of lines.
Protect your applications from abuse and ensure high availability for all users.
  • Works everywhere - our API can be used with any language and framework
  • Flexible - rate limit by your internal metadata, like account/user ID per operation
  • Highly available - deployed across multiple regions, low latency, high availability
  • Real-time events - see rate limit requests as they happen
example.ts
import { RateLimit } from '@rlimit/http';
const rlimit = new RateLimit({
namespace: 'example',
maximum: 100,
interval: '1m'
});
const { ok } = await rlimit.check('user:123');
if (!ok) {
throw new Error('rate limited');
}

Features

Rate limiting with batteries included

Keeping a rate limiting count in an in-memory database is one way to go, but we made it durable and global.
No matter where your users are, and for how long you need to keep track of their usage, we have you covered.
Multi regional
Our infrastructure is distributed across multiple regions, offering high availability and low latency from all over the world.
Global replication
We use conflict-free replication of all rate limit counter writes to ensure your rate limiting counters are consistent across all regions.
Durable storage
All rate limiting counters are stored on a fast and durable storage, ensuring your rate limits are always available from anywhere.
Analytics & Events
Dashboard with insights into your rate limiting usage. Real-time stream of rate limit events, allowing debugging with ease.
Webhooks
Integrate with your existing infrastructure using webhooks. Get notified when a rate limit is reached.
Integrations
Integrate with any language or framework. We maintain official libraries for many popular languages and frameworks.

Examples

Integrate with any application stack

Check out following examples in multiple languages and frameworks.
Just copy, paste, and start protecting your application from overuse.
1
// GET rlimit.com anywhere in your code
2
3
const namespace = "example" // your rlimit.com namespace ID
4
const rate = "1/5s" // allow 1 request every 5 seconds
5
const identifier = "user:123" // user ID, IP address, etc
6
7
const limit = await fetch(`https://rlimit.com/${namespace}/${rate}/${identifier}`)
8
if (!limit.ok) {
9
throw new Error('rate limited');
10
}
11
12
// continue processing the request
1
import { RateLimit } from '@rlimit/http';
2
3
const rlimit = new RateLimit({
4
namespace: 'example',
5
maximum: 100,
6
interval: '1m'
7
});
8
9
const limit = await rlimit.check('user:123'); // => 100/1m
10
if (!limit.ok) {
11
throw new Error('rate limited');
12
}
13
14
// optionally, override the default maximum and interval
15
const limit = rlimit.check('superuser:42', {
16
maximum: 500,
17
// interval?: custom
18
}); // => 500/1m
1
import express from 'express';
2
import { rateLimit } from 'express-rate-limit'
3
import { Store } from '@rlimit/storage';
4
5
const app = express();
6
7
let rlimit = rateLimit({
8
// limit IP address to 3 requests every 5 seconds
9
limit: 3,
10
windowMs: 5_000,
11
store: new Store({
12
namespace: 'example', // your rlimit.com namespace ID
13
})
14
})
15
16
app.use(rlimit)
17
app.get('/', async (req, res) => {
18
res.send('Hello World!')
19
});
20
21
app.listen(3000, () => {
22
console.log("Express application started");
23
});
1
import { RateLimit } from "npm:@rlimit/http";
2
3
// initialize rlimit.com client with your namespace ID and default settings
4
const ratelimit = new RateLimit({ namespace: "example", maximum: 5, interval: "10s" });
5
6
// increase count & check result for given identifier
7
const limit = await ratelimit.check("user:123");
8
9
console.info(limit);
10
11
if (!limit.ok) {
12
throw new Error("rate limited!");
13
}
14
15
// continue with some logic
# GET rlimit.com/:namespace/:max/:interval/:identifier
# 1 request per 1h is allowed
curl -X GET --fail "https://rlimit.com/example/1/1h/my-script"
=> { "ok": true, "status": 200, "remaining": 0 }
# more requests within 1h will fail and script exits
curl -X GET --fail "https://rlimit.com/example/1/1h/my-script"
=> curl: (22) The requested URL returned error: 429
1
// middleware.ts
2
export const rateLimitMiddleware: MiddlewareHandler = async (c, next) => {
3
// read accountId from request path
4
const accountId = c.req.param("accountId")
5
6
// limit $accountId to 100 requests every 1h
7
const limit = await fetch(`https://rlimit.com/example/100/1h/${accountId}`)
8
if (!limit.ok) {
9
return c.text("too many requests", 429)
10
}
11
12
await next()
13
}
14
15
// router.ts
16
app.get("/api/:accountId/expensive-operation", rateLimitMiddleware, myHandler);
1
import requests
2
3
identifier = "user:123" # user ID, IP address, etc
4
5
# limit "ip-address-or-user-id" to 100 requests every 1h
6
limit = requests.get("https://rlimit.com/example/100/1h/" + identifier)
7
8
if not limit.ok:
9
# rate limited
10
# for example, reject request
11
pass

Pricing

Pricing plans for teams of all sizes

A plan for every size — from a hobby project to enterprise.
Free tier available, no credit card needed. No hard limits, no hidden fees, and support in every paid plan.

Pay as you go

$5/month

+ $0.25 / 100k requests

The essentials to get you started.

  • 5M requests included
  • Up to 1k RPS
  • Up to 24h intervals
  • Global write replication
  • Basic analytics
Try it for free

Business

Most popular

$49/month

+ $0.2 / 100k requests

A plan that scales with your rapidly growing business.

  • 50M requests included
  • Unlimited RPS
  • Up to 30d intervals
  • Global write replication
  • Advanced analytics
  • Webhooks
Try it for free

Enterprise

Contact us

No overage fees.

For businesses with high volume traffic and advanced needs.

  • Unmetered requests
  • Unlimited RPS
  • Up to 90d intervals
  • Global write replication
  • Dedicated support
  • Subnamespacing
  • Logging
  • Advanced analytics
  • Multi-user account
  • Webhooks
Contact us
Pricing is exclusive of taxes and additional local tax may be collected.

Free tier

Free tier available, no credit card needed. Up to 10k requests per day.

FAQs

Frequently Asked Questions