Setting Up Rate Limiting for Endpoints
Introduction
Zen by Aikido allows you to set up rate limiting on API endpoints to protect your application from abuse, such as excessive password reset requests. You can rate limit both REST API endpoints and GraphQL APIs.
Supported Functionality
Set rate limiting on specific endpoints
Set rate limiting on multiple endpoints by adding a wildcard (*) endpoint
Set rate limiting on IP address or user ID
Disable protection for a specific endpoint instead of disabling protection for your entire app
Check the functionality support matrix to see if your framework supports rate limiting.
How to set up rate limiting
Step 1: Navigate to a specific app and open the Endpoints tab
Step 2: Open the Action Menu of the endpoint you want to rate limit. Clicking Setup rate limiting opens a modal.
Step 3: Enable Rate Limiting and specify the number of requests allowed per timeframe. Save by updating the endpoint.
Config changes take up to 1 minute to take effect.
Setting up rate limiting for multiple endpoints at once
You can set up rate limiting for multiple endpoints at once by adding a wildcard endpoint.
Step 1: On the Endpoints page, click Add Endpoint.
Step 2: Add a wildcard endpoint by adding an * in the route.
Step 3: The wildcard will now appear in the list. Proceed to set up rate limiting the same way as above.
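To reason about what a given set of rules will do before saving it, the sketch below models the settings described above: a request budget per timeframe, a wildcard route, and counting per user ID or per IP address. It is an added example, not Zen's code or API. The rule shape, the function names, the "most specific route wins" precedence, the shared bucket for a wildcard rule and the fallback from user ID to IP are all assumptions of this sketch, and the routes and addresses are constructed sample values.

```javascript
// Illustrative model only (assumed semantics, not Zen's implementation).
const rules = [
  { method: "POST", route: "/api/auth/reset-password", maxRequests: 3, windowMs: 60_000 },
  { method: "*", route: "/api/auth/*", maxRequests: 5, windowMs: 60_000 },
];

// Turn a route containing * into an anchored regular expression.
function routeToRegExp(route) {
  const escaped = route.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

// Assumed precedence: fewest wildcards first, then the longest route.
function findRule(method, path) {
  const matches = rules.filter(
    (r) => (r.method === "*" || r.method === method) && routeToRegExp(r.route).test(path)
  );
  const wildcards = (r) => (r.route.match(/\*/g) || []).length;
  matches.sort((a, b) => wildcards(a) - wildcards(b) || b.route.length - a.route.length);
  return matches[0] || null;
}

const hits = new Map(); // bucket key -> timestamps still inside the window

// Sliding-window check. Authenticated requests are counted per user ID,
// anonymous requests per IP address (assumed fallback order).
function allowRequest({ method, path, ip, userId }, now = Date.now()) {
  const rule = findRule(method, path);
  if (!rule) return true; // no rate limit configured for this endpoint
  const who = userId ? `user:${userId}` : `ip:${ip}`;
  const key = `${rule.method} ${rule.route}|${who}`; // one bucket per rule and caller
  const recent = (hits.get(key) || []).filter((t) => now - t < rule.windowMs);
  hits.set(key, recent);
  if (recent.length >= rule.maxRequests) return false; // caller should answer HTTP 429
  recent.push(now);
  return true;
}
```

In this model a wildcard rule shares one budget across every endpoint it matches, so a broad route such as /api/auth/* should be given a limit sized for the combined traffic of those endpoints.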