learn hapi — Disable Rate Limiting (Part 6 of 7)

Rate limiting is a security feature that comes with costs you need to manage. For example, once enabled, rate limiting applies to all requests going through your server. This can cause problems when using the rate limiter for both, APIs and web apps.

Sending requests to web applications will render and load the actual website which causes subsequent requests to load CSS, JavaScript, and images.

This may eat up your rate limit, especially during development. When thinking of testing, rate limiting can cause pains, too. Remember the rate limit configuration for the API login which allows ten requests per minute.

Running tests may send more than ten login requests and you can literally see the errors coming in. Also, it’s hard to debug and reproduce these situations because your coworker won't run into the rate limit on their first try.

That’s why you’ll integrate an option to enable or disable the plugin on startup or for individual routes.

The complete package code is available on GitHub in the hapi-rate-limitor repository and NPM at hapi-rate-limitor. Have a look!

hapi Series Overview

  1. JWT Refresh Token for Multiple Devices (Coming soon)
  2. Check Refresh Token in Authentication Strategy (Coming soon)
  3. Rate Limit Your Refresh Token API Endpoint (Coming soon)


Continue reading

University Enrollment Required

Future Students benefit from value packed videos and tutorials.

Enroll to receive exclusive content or sign in if you’re already a Future Student.

Enroll me for $15/mo

Explore the Library

Find interesting tutorials and solutions for your problems.