Eduardo
Reputation: 5943
How to rate limit a node.js API that uses JWT?
I have a node.js application that runs on different servers/containers. Clients are authenticated with JWT tokens. I want to protect this API from DDos attacks. User usage limit settings can be stored in the token. I've been thinking about som approaches:
- Increment counters in a memory database like redis or memcached and check it on every request. Could cause bottlenecks?.
- Do something in a nginx server (is it possible?)
- Use some cloud based solution (AWS WAF? Cloudfront? API Gateway? Do they do what I want?)
How to solve this?
Upvotes: 1
Views: 1708
Answers (1)
Łukasz Szewczak
Reputation: 1881
There are dedicated npm packages like
express-rate-limithttps://www.npmjs.com/package/express-rate-limitratelimiterhttps://www.npmjs.com/package/ratelimiter
I don't know about AWS but in Azure you can use Azure API Management to secure your api https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts
Upvotes: 1
Related Questions
- How to deal with api that rate limits requests?
- Throttle and queue up API requests due to per second cap
- Nodejs Security issue client sending request
- Nodejs Express, How to rate limit each user of my website when calling my API?
- Node.js HTTP how to do an HTTP request rate limit?
- apply rate limit login api on IP specific not gloablly
- Node js Rate Limit
- Use NGINX Rate Limiting with tokens
- Rate limit API queries in node.js
- node.js application-level rate limiting of 3rd party API calls