FluxyAPIFluxyAPI
BlocksMiddleware

Rate Limit

Prevent abuse by limiting the number of requests a client can make in a given timeframe.

Rate Limit Middleware Block

The Rate Limit Middleware Block protects your endpoint from abuse, brute-force attacks, and high traffic spikes by throttling incoming requests.

Configuration

FieldRequiredDescription
Limit (Requests)The maximum number of requests allowed within the Window size.
Window (Seconds)The time frame during which requests are counted (e.g., 60 for one minute).
IdentifierHow to identify the client. Typically IP Address, but can also be an API Key or User ID.

Behavior

The block tracks the number of requests made by each unique Identifier:

  1. If the client is under the Limit, the flow proceeds normally.
  2. If the client exceeds the limit within the Window, the block terminates the flow and sends a 429 Too Many Requests response.

The block automatically attaches X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers to inform the client of their quota.

Output Variable

Specify a Variable Name to store the rate limit status for the current request.

Success Payload

{
  "limit": 100,
  "remaining": 99,
  "resetInSeconds": 59
}

Errors & Responses

If the client exceeds the allowed request limit, the flow is immediately terminated and an HTTP response (default 429 Too Many Requests) is sent to the client:

{
  "error": true,
  "message": "Too many requests. Please try again later.",
  "code": "RATE_LIMIT_EXCEEDED"
}

If you specify an Output Variable, the error details are also stored there:

{
  "error_key": "RATE_LIMIT_EXCEEDED",
  "error_message": "Too many requests. Please try again later."
}

Common Error Keys: RATE_LIMIT_EXCEEDED, RUNTIME_ERROR, CONFIGURATION_ERROR

On this page