Zoom Webinar: Learn and enhance your TypeScript skills | 28th March 2023 | 10 AM PST [10:30 PM IST] Register here

Let your App Breathe Freely, Handle API Rate Limit With DhiWise Node.js Builder



May 1, 2022


May 1, 2022




For developers, it's critical to ensure APIs are secure and running efficiently. Limiting APIs requests, also known as rate limiting, protects applications against poor performance by restricting the number of overwhelming requests from the client. 

The rate-limiting controls the number of requests sent or received by the network interface controller.  It protects the app against web scraping and denial of service attacks (DoS), which can target a server with unlimited API requests. 

Let’s understand in detail about API rate limit, its types, and how to implement it with DhiWise. 

What is an API rate limit?

Consider an example, a newly launched application has gained popularity overnight resulting in rising traffic. In such a situation, if the API request is not managed it will cause server lag time. API limiting makes your application scalable by rejecting the requests that exceed the set limit. 

The API rate limits are set on/API endpoints that control the large spike in the API calls, by limiting the number of requests made over a specific time frame.

 If a user sends too many requests, API limiting throttle client connection rather than disconnecting it immediately.  

Throttling allows clients to use API services while still protecting your API.   When this limit is exceeded, it will generate an error message “Too many requests” with the status code 429. It indicates that there are too many requests in the given amount of time. 

Therefore, allowing unlimited access to your API can limit the business’s success.

To prevent API from DoS attacks and app crashes different types of rate-limiting methods can be implemented.   

  1. User/application rate limiting: 

It limits the number of API requests or the quantity of data users can consume. If the user exceeds the rate limit, then the request will be denied. 

  1. Geographical/ time-based rate limiting: 

Developers can set rate limits for certain geographical regions, for a particular time. For example, if developers know that users in a particular area won’t be active during the night 12 am to 4 am then developers can define lower rate limits for that period. 

It comes under the preventive measure to help further reduce the risk of any suspicious attack. 

  1. Backend/server rate limiting

Developers can define rate limits at the server level, which means developers can limit the traffic on the particular server if there are multiple servers.

How to implement API rate limit with DhiWise for the Node.js app?

DhiWise is a web and mobile app development platform that aims to empower developers by accelerating the process of app development and maintaining high code quality.”  

Implementing the API rate limit is an arduous and time-consuming process. There are multiple ways to configure the API rate limit. Some frameworks have built-in API rate limiting capabilities that save developers time.

However, with DhiWise, handling the API rate limit is a breeze. 

Let’s see how to implement the API rate limit for the Node.js backend application using DhiWise.

API security Setting in DhiWise

DhiWise enables developers to manage API security settings through various options. Developers can manage the number of API calls per minute or within a particular time frame to avoid unnecessary activities.  

The following snapshot shows different options developers can choose to manage API security in the Node.js backend application.


  • Rate limit

This option helps developers to limit the number of times API is used on the application. Once the number goes beyond the set limit the API will be restricted from the app.  

  • Rate limit re-active time(in minutes)

Another way to control API access through Rate limit is by setting a certain time duration for which the API is to be used again if it goes over the set limit. 

  • Token expiry time (in minutes)

Developers can set the token expiry time for an activated session on the application once the token is expired the user will automatically log out. 

  • Socket

By enabling the socket, boilerplate code will be included in the code after the build. Generated code will be found at app_config.js and service folder.

  • Activity Log

By enabling the activity log, boilerplate code will be included in the code after the build. The Generated code will be found at the activityLog.js in the model and middleware folder.


So, we have learned about API rate limiting its types and how developers can enforce API security by implementing API rate limiting options with DhiWise.

Visit DhiWise for more information and sign up today to experience the better.