learn hapi — IP-Based Rate Limits (Part 1 of 7)

Security is an essential part of your API. It's in your interest not to expose any sensitive user data to the Internet. You're already hashing user passwords and storing them in an encrypted JWT.

Another step in protecting your API endpoints is to secure them against brute-force attacks. Brute-force attacks may target different parts of your application. Two typical examples: an attacker tries to gain access to an admin account by running a dictionary attack against the login endpoint, or takes your API down with a sheer volume of requests that your server can't handle.

To protect against these attacks, you’ll build your own hapi rate limiting plugin. We’ve published our code as hapi-rate-limitor on GitHub and NPM. Have a look!
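As an added illustration of the plugin idea, here is a constructed example (not the series' code and not hapi-rate-limitor): a fixed-window counter keyed by client IP, wrapped as a hapi plugin that answers 429 once an address exceeds its quota. The plugin name, option names (`max`, `windowMs`, `trustProxy`, `now`) and the in-memory `Map` store are assumptions.

```javascript
// Constructed example: a fixed-window, per-IP rate limiter and the hapi plugin
// wrapper around it. Not the code from the learn hapi series or hapi-rate-limitor.
class IpRateLimiter {
  // `now` is injectable so tests can drive the clock deterministically.
  constructor({ max = 60, windowMs = 60_000, now = Date.now } = {}) {
    this.max = max;
    this.windowMs = windowMs;
    this.now = now;
    this.buckets = new Map(); // ip -> { count, resetAt }
  }

  // Count one request for `ip`; report whether it is still within the limit.
  hit(ip) {
    const t = this.now();
    let b = this.buckets.get(ip);
    if (!b || t >= b.resetAt) {           // first hit, or the window has expired
      b = { count: 0, resetAt: t + this.windowMs };
      this.buckets.set(ip, b);
    }
    b.count += 1;
    return { allowed: b.count <= this.max, remaining: Math.max(this.max - b.count, 0), resetAt: b.resetAt };
  }
}

// Resolve the client address. X-Forwarded-For is client-controlled unless a
// proxy you operate sets it, so only honour it when `trustProxy` is explicitly on.
function clientIp(request, trustProxy = false) {
  const xff = request.headers['x-forwarded-for'];
  if (trustProxy && xff) return xff.split(',')[0].trim();
  return request.info.remoteAddress;
}

// hapi plugin: hook `onRequest` (runs before auth, so login guessing is
// throttled too) and answer 429 with Retry-After once the window is exhausted.
const ipRateLimitPlugin = {
  name: 'ip-rate-limit', // hypothetical plugin name
  version: '1.0.0',
  register(server, options = {}) {
    const limiter = new IpRateLimiter(options);
    server.ext('onRequest', (request, h) => {
      const { allowed, resetAt } = limiter.hit(clientIp(request, options.trustProxy));
      if (allowed) return h.continue;
      const retryAfter = Math.ceil((resetAt - limiter.now()) / 1000);
      return h.response({ statusCode: 429, error: 'Too Many Requests' })
        .code(429).header('Retry-After', String(retryAfter)).takeover();
    });
  },
};
```

The in-memory store is per process, so behind a load balancer each instance counts separately; a shared store (Redis, for instance) is needed for a limit that holds across instances.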

hapi Series Overview

  1. JWT Refresh Token for Multiple Devices (Coming soon)
  2. Check Refresh Token in Authentication Strategy (Coming soon)
  3. Rate Limit Your Refresh Token API Endpoint (Coming soon)
