😈Rate Limit by Headers

Step 1

Go to your desired dashboard and select the rate limiting option. A page listing all your endpoints appears; select the endpoint you want to rate limit.

Step 2

Before proceeding with step 2, let us explain what the 3rd and 4th fields are and why they matter at this point.

  • Unique ID to monitor for rate limiting: This field names something unique to every client making a request to the endpoint in question. It can be a field in the request payload, e.g. user_id, username, token, API key, etc. This field is used under the hood to track exactly who is making the request, so they can be rate limited if they exceed the rate limit conditions.

  • Rate limit by: This field is used to specify where the unique ID is found. It has 4 different values, which are listed as follows:

    • IP address: This indicates that the endpoint is rate limited by the IP address of the client. PS: To use the IP address as the preferred option for rate limiting, always set the Unique ID field to host.

    • header: This indicates that the endpoint is rate limited by a value present in the request headers. The Unique ID is then set to the name of the header. For example, take this sample header JSON: { "name": "John Doe", "Content-Type": "application/json" }. If we want to rate limit by the "name" field present in the header JSON, such that each name can make only 1 request in 60 seconds, then for the Unique ID field we would simply enter name as the field to monitor and choose header in the Rate Limit by options.

    • body: This is used to indicate that the endpoint is being rate limited by a field in the body of the incoming request being made to that endpoint.

Now that we know what these two fields do, you can go ahead and edit them. To rate limit by header, set the Unique ID to the name of the header. Using the sample header JSON { "name": "John Doe", "Content-Type": "application/json" }, if we want each name to make only 1 request in 60 seconds, we enter name in the Unique ID field and choose header in the Rate Limit by options. Your configuration should look something like the one below.

[Image: a properly configured rate limiting option]

Voilà, now you are all set up!
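To see how the rule configured above behaves (Unique ID name, Rate Limit by header, 1 request in 60 seconds), here is an added sketch that is not the product's own implementation. The names FixedWindowLimiter, client_key and simulate are hypothetical, the fixed-window algorithm is a stand-in, and falling back to host when the header is missing is an assumption rather than documented behaviour.

```python
import time

class FixedWindowLimiter:
    """Fixed-window limiter keyed by a per-client value (hypothetical helper)."""

    def __init__(self, limit=1, window=60, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.windows = {}  # key -> (window_start, request_count)

    def allow(self, key):
        now = self.clock()
        start, count = self.windows.get(key, (now, 0))
        if now - start >= self.window:   # window expired: start a new one
            start, count = now, 0
        if count >= self.limit:
            return False
        self.windows[key] = (start, count + 1)
        return True

def client_key(request, rate_limit_by, unique_id):
    """Pick the tracking key the way the two dashboard fields describe."""
    if rate_limit_by == "header":
        # HTTP header names are case-insensitive, so compare lowercased.
        headers = {k.lower(): v for k, v in request["headers"].items()}
        value = headers.get(unique_id.lower())
    elif rate_limit_by == "body":
        value = request["body"].get(unique_id)
    else:  # IP address option, with Unique ID set to host
        value = request["host"]
    if not value:
        # Assumption: a request without the field is tracked by host, so
        # leaving the header out does not skip the limit.
        return ("host", request["host"])
    return (rate_limit_by, str(value).strip())

def simulate():
    """Replay constructed requests against 1 request / 60 s per 'name' header."""
    t = [0.0]
    limiter = FixedWindowLimiter(limit=1, window=60, clock=lambda: t[0])
    # Constructed sample requests; all three share one host address.
    john = {"host": "203.0.113.7", "body": {},
            "headers": {"name": "John Doe", "Content-Type": "application/json"}}
    jane = {"host": "203.0.113.7", "body": {}, "headers": {"Name": "Jane Roe"}}
    anon = {"host": "203.0.113.7", "body": {}, "headers": {}}
    results = []
    for at, req in [(0, john), (10, john), (10, jane), (20, anon), (30, anon), (61, john)]:
        t[0] = at
        results.append(limiter.allow(client_key(req, "header", "name")))
    return results
```

Because the header value is supplied by the client, a per-header limit is only as reliable as that value; a header that carries an authenticated token or API key makes a stronger Unique ID than a free-text field.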
