An API rate limiter is a server-side component of a web service that limits the number of API requests a client can make to an endpoint within a period of time. For example, X (formerly known as Twitter) limits the number of tweets that a specific us...

freeCodeCamp is a nonprofit organization offering free online coding courses and programming tutorials, covering topics such as web development, data science, and machine learning. Learners can gain practical coding skills, build real-world projects, and earn certifications to advance their careers in tech.

freeCodeCamp

Rate limiters control API request frequency to prevent abuse and manage costs. This guide implements an in-memory rate limiter for Next.js using the fixed window algorithm, tracking requests by unique identifiers and blocking excess traffic with 429 responses. The implementation stores usage data in a Map, automatically clears expired entries, and can be applied to any API route. Artillery load testing confirms the limiter accurately enforces limits (12 requests per 60 seconds) even under high traffic, with 99% of requests maintaining sub-100ms latency.

How to Build an In-Memory Rate Limiter in Next.js

How to Load Test the Rate Limiter for Resilience with Artillery