As a developer, one of the most rewarding experiences is bringing an idea to life. I recently embarked on a project called devTinder, a platform designed to connect developers and tech enthusiasts for collaboration and networking. As I prepared for the deployment phase (only backend), I realized that ensuring fair usage of resources was paramount to the success of my project. I wanted to protect my application from potential misuse and abuse, so I decided to implement rate limiting using Unkey.
Why Unkey & How I came to know about Unkey?
My journey with Unkey began during the ongoing Hacktoberfest 2024, an event that celebrates open-source contributions and encourages developers to collaborate on exciting projects. As I learned more about its capabilities, I realized that Unkey also offered exactly what I needed for devTinder ie rate-limiting. Now let's answer the question why Unkey:
Open Source:
Unkey is built on an open-source model, allowing developers to contribute, customize, and adapt the tool to fit their specific needs. This fosters a collaborative community that continuously improves the platform.Protection Against DoS Attacks:
With robust rate limiting features and simple to integrate, Unkey can provides essential protection against Denial of Service (DoS) attacks. It prevent excessive or abusive use of a resource and to ensure that the resource is available to all legitimate users.No Credit Card Required:
Getting started with Unkey is hassle-free—there’s no need to provide credit card information. This allows developers to explore the platform without any financial commitments, making it accessible for projects of all sizes.
Using Unkey rate-limiting feature
Give a name and in the Workspace section make sure to check all options of Ratelimit. Then click on Create new Key.
Copy your key, it will be shown as Your API key
If you feel lost, you can follow their well documented doc.
Now copy the above key in your .env file and make sure to keep the key as UNKEY_ROOT_KEY.
eg. UNKEY_ROOT_KEY="unkey_************************"
Now we need to create a file rateLimit.ts (filename is not fixed)
to store the ratelimit configuration.
Final step
I want to protect my routes /signup and /login from being misuse, so I will protect this two routes. Below is the code
Note: you only need those 4-5 line to get rate-limiting in your app. Yes, it's that easy and it works like magic.
Demo:
Conclusion:
If you’re considering launching your own application, I highly recommend looking into rate limiting as a means of protecting your resources and ensuring fair usage. Tools like Unkey make it easier than ever to implement these features, allowing you to focus on what you do best—building great software!
Top comments (2)
How does it do rate limiting?
I noticed you are just returning a human readable error with a 429 status.
Does the
ratelimitobject provide the information to populate the usual machine readable rate limit headers:The non-standard rate limit headers:
can be hardcoded to be the same as the rate limit definition.
But if you have multiple rate limits:
getting this data from the
ratelimitermakes it less complicated.Hi John,
currently unkey uses fixed window and they are working towards sliding window for better burst.
you can refer unkey.com/docs/libraries/ts/ratelimit#ratelimitresponse regarding the ratelimit object info (Check RatelimitResponse
object).
Inshort you can get the standard rate-limit headers.
Infact, i tried highlighting in the example by using "You have ${ratelimit.remaining}".