DeveloperBreeze

Build a Custom Rate Limiter in Node.js with Redis

#Node.js #API Security #Express #Node.js tutorial #rate limiter #redis #rate limiting middleware #throttle api requests #node rate limiter #redis rate limiting #express middleware #backend performance #protect api #custom rate limiter #developerbreeze

Protect your API from abuse and learn how rate limiting works under the hood.

When developing web apps or APIs, it’s critical to prevent users from overwhelming your server. That’s where rate limiting comes in. In this guide, we’ll build a custom rate limiter in Node.js using Redis—no libraries, no magic, just code you control and understand.

🚀 What You’ll Learn

  • How to use Redis to count and throttle requests
  • How to implement reusable middleware in Express
  • How to rate limit by IP or API key
  • Why this method is better for learning and customization

🛠 Prerequisites

  • Node.js installed
  • Redis running locally (or via Docker)
  • Basic Express.js knowledge

🧱 Step 1: Set Up the Project

mkdir node-rate-limiter
cd node-rate-limiter
npm init -y
npm install express redis dotenv

Create a .env file:

REDIS_URL=redis://localhost:6379

🔌 Step 2: Connect to Redis

// redisClient.js
const redis = require("redis");

const client = redis.createClient({ url: process.env.REDIS_URL });

client.on("error", (err) => console.error("Redis error:", err));
client.connect();

module.exports = client;

🧠 Step 3: Write the Rate Limiting Middleware

// rateLimiter.js
const client = require("./redisClient");

const rateLimiter = (limit = 100, windowSec = 3600) => {
  return async (req, res, next) => {
    const ip = req.ip;
    const key = `rate_limit:${ip}`;

    const current = await client.get(key);

    if (current !== null && parseInt(current) >= limit) {
      return res.status(429).json({ error: "Too many requests. Try later." });
    }

    const multi = client.multi();
    multi.incr(key);
    if (!current) {
      multi.expire(key, windowSec);
    }
    await multi.exec();

    next();
  };
};

module.exports = rateLimiter;

🌐 Step 4: Use It in Your Express App

// server.js
require("dotenv").config();
const express = require("express");
const rateLimiter = require("./rateLimiter");

const app = express();
const PORT = 3000;

app.use(rateLimiter(100, 3600)); // 100 requests/hour per IP

app.get("/", (req, res) => {
  res.send("Welcome! You're within rate limit.");
});

app.listen(PORT, () => {
  console.log(`Server running on http://localhost:${PORT}`);
});

🧪 Step 5: Test It

Use Postman or curl:

curl http://localhost:3000

After 100 requests within an hour, you’ll get:

{
  "error": "Too many requests. Try later."
}

🧩 Bonus: Rate Limit by API Key

Instead of IP address, use API keys for user-specific limits:

const userKey = req.headers['x-api-key'] || req.ip;
const key = `rate_limit:${userKey}`;

You can now:

  • Offer different limits for free vs paid users
  • Log or monitor usage per user

🎓 Why This Is Valuable

This isn’t just a quick fix—it’s a deep dive into:

  • Atomic operations with Redis
  • Manual request tracking logic
  • Flexibility to customize based on business rules

You’re no longer blindly relying on a package—you understand and control the system.

✅ What’s Next?

Want to extend this?

  • Implement sliding windows
  • Use Redis tokens (token bucket)
  • Add real-time dashboards or admin controls

If you're building any kind of real API, this knowledge will serve you well.

Have questions or want a follow-up tutorial? Leave a comment or reach out—we’d love to help.

🔗 More practical Node.js guides →

Continue Reading

Handpicked posts just for you — based on your current read.

Using Node.js to Run JavaScript 

     npm install lodash
  • Use it in your code:

Dec 10, 2024 Tutorial

Connecting a Node.js Application to an SQLite Database Using sqlite3 

   mkdir sqlite3-tutorial
   cd sqlite3-tutorial

Initialize the project with default settings:

Oct 24, 2024 Tutorial

How to Update Node.js and npm on Ubuntu 

curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -

For Node.js 20 (latest version):

Oct 03, 2024 Tutorial

Building a GraphQL API with Node.js and Apollo Server

This tutorial has covered the basics of setting up a GraphQL API with Node.js and Apollo Server, including creating queries, mutations, and subscriptions. By leveraging GraphQL's powerful features, you can build efficient, flexible, and scalable APIs for your applications.

  • Explore Authentication: Implement authentication and authorization to secure your GraphQL API.
  • Integrate with a Database: Connect your GraphQL server to a database for persistent data storage.
  • Optimize Performance: Use techniques like query batching and caching to improve API performance.

Aug 12, 2024 Tutorial

GraphQL API Server with Node.js and Apollo Server

  • Schema Definition: The typeDefs defines a simple schema with a Book type and queries to fetch books and add a new book.
  • Resolvers: Functions that resolve the queries and mutations. In this case, they return all books and add a new book to the list.

Run the server using Node.js:

Aug 12, 2024 Code

Building a Real-Time Chat Application with WebSockets in Node.js

http://localhost:3000/

In this tutorial, we built a real-time chat application using Node.js and WebSockets. We used Socket.io to establish a persistent connection between the client and server, allowing for real-time message exchange. This foundational knowledge can be extended to build more complex applications that require real-time communication, such as collaborative tools, online gaming, and live updates.

Aug 03, 2024 Tutorial

JWT Token Creation and Verification in Node.js using 'jsonwebtoken'

No preview available for this content.

Jan 26, 2024 Code

Simple HTTP Server in Node.js

No preview available for this content.

Jan 26, 2024 Code

Read and Write Files in Node.js using 'fs' module

No preview available for this content.

Jan 26, 2024 Code

Simple RESTful API in Node.js using Express 

// Import 'express' module
const express = require('express');
const app = express();

// Define a route for accessing a resource
app.get('/api/resource', (req, res) => {
  res.json({ message: 'Resource data' });
});

// Start the server and listen on port 3000
app.listen(3000, () => {
  console.log('RESTful API is running on port 3000');
});

Jan 26, 2024 Code

Date Manipulation and Sum Calculation

No preview available for this content.

Jan 26, 2024 Code

Access Command-line Arguments

No preview available for this content.

Jan 26, 2024 Code

Set and Access Environment Variable

No preview available for this content.

Jan 26, 2024 Code

Event Emitter using 'events' module

No preview available for this content.

Jan 26, 2024 Code

Construct File Path using 'path' module 

// Import 'path' module
const path = require('path');

// Construct a file path using 'path.join'
const filePath = path.join(__dirname, 'files', 'example.txt');

// Log the generated file path
console.log('File Path:', filePath);

Jan 26, 2024 Code

Basic Authentication using 'express-basic-auth' middleware

No preview available for this content.

Jan 26, 2024 Code

Create and Print Buffer

No preview available for this content.

Jan 26, 2024 Code

Hashing Password with SHA-256 using 'crypto' module 

// Import 'crypto' module
const crypto = require('crypto');

// Example password
const password = 'mypassword';

// Create SHA-256 hash of the password
const hash = crypto.createHash('sha256').update(password).digest('hex');

// Log the generated hash
console.log('Hash:', hash);

Jan 26, 2024 Code

Parse URL and Query Parameters

No preview available for this content.

Jan 26, 2024 Code

Execute Shell Command using 'child_process' module

No preview available for this content.

Jan 26, 2024 Code

Discussion 0

Please sign in to join the discussion.

No comments yet. Start the discussion!