Rate Limit
Prevent abuse by limiting the number of requests a client can make in a given timeframe.
Rate Limit Middleware Block
The Rate Limit Middleware Block protects your endpoint from abuse, brute-force attacks, and high traffic spikes by throttling incoming requests.
Configuration
| Field | Required | Description |
|---|---|---|
| Limit (Requests) | ✅ | The maximum number of requests allowed within the Window size. |
| Window (Seconds) | ✅ | The time frame during which requests are counted (e.g., 60 for one minute). |
| Identifier | ✅ | How to identify the client. Typically IP Address, but can also be an API Key or User ID. |
Behavior
The block tracks the number of requests made by each unique Identifier:
- If the client is under the Limit, the flow proceeds normally.
- If the client exceeds the limit within the Window, the block terminates the flow and sends a
429 Too Many Requestsresponse.
The block automatically attaches X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers to inform the client of their quota.
Output Variable
Specify a Variable Name to store the rate limit status for the current request.
Success Payload
{
"limit": 100,
"remaining": 99,
"resetInSeconds": 59
}Errors & Responses
If the client exceeds the allowed request limit, the flow is immediately terminated and an HTTP response (default 429 Too Many Requests) is sent to the client:
{
"error": true,
"message": "Too many requests. Please try again later.",
"code": "RATE_LIMIT_EXCEEDED"
}If you specify an Output Variable, the error details are also stored there:
{
"error_key": "RATE_LIMIT_EXCEEDED",
"error_message": "Too many requests. Please try again later."
}Common Error Keys: RATE_LIMIT_EXCEEDED, RUNTIME_ERROR, CONFIGURATION_ERROR
