In this guide we'll add simple Rate Limiting to a route. If you don't have one
ready, complete Step 1 first.
Rate Limiting is one of our most popular policies - you should never ship an
API without rate limiting because your customers or internal developers will
accidentally DoS your API; usually with a rogue useEffect call in React code.
What's a Policy?
Policies are modules that can intercept and transform an
incoming request or outgoing response. Zuplo offers a wide range of policies
built-in (including rate limiting) to save you time. You can check out
the full list.
Zuplo offers a programmable approach to rate limiting that allows you to vary
how rate limiting is applied for each customer, or request.s
In this example, we'll add a simple IP based rate limiter, but you should look
into dynamic rate limiting to see the full power of the world's best rate
limiter.
Add the rate-limiting Policy
Code
Navigate to your route in the **Route Designer** (**Code** > `routes.oas.json`),click the **Policies** dropdown, then click **Add Policy** on the requestpipeline.<ModalScreenshot></ModalScreenshot>Search for the rate limiting policy (not the "Complex" one) and click it.<ModalScreenshot></ModalScreenshot>By default, the policy will rate limit based on the caller's IP address (asindicated by the `rateLimitBy` field). It will allow 2 requests(`requestsAllowed`) every 1 minute (`timeWindowMinutes`). You can explore therest of the policy's documentation and configuration in the right panel.To apply the policy, click **OK**. Then, save your changes to redeploy.
Testing your Policy
Code
Now try firing some requests against your API. You should receive a **429 Toomany requests** on your 3rd request.<ModalScreenshot></ModalScreenshot>Your rate limiting policy is now intercepting excess requests, protecting the`getting-started` API.
