Create your Redis instance

For the rate limit to work, we need to create an Upstash Redis and get its credentials. To create an Upstash Redis, you can follow the Upstash Redis “Get Started” guide.

Add Ratelimit to Your Project

Once we have a Redis instance, next step is adding the rate limit to your project in its most basic form.

Install Ratelimit

First, we need to install @upstash/ratelimit:

npm install @upstash/ratelimit

Add Ratelimit to Your Endpoint

Next step is to add Ratelimit to your endpoint. In the example below, you can see how to initialize a Ratelimit and use it:

import { Ratelimit } from "@upstash/ratelimit"; // for deno: see above
import { Redis } from "@upstash/redis";

// Create a new ratelimiter, that allows 10 requests per 10 seconds
const ratelimit = new Ratelimit({
  redis: Redis.fromEnv(),
  limiter: Ratelimit.slidingWindow(10, "10 s"),
  analytics: true,
  /**
   * Optional prefix for the keys used in redis. This is useful if you want to share a redis
   * instance with other applications and want to avoid key collisions. The default prefix is
   * "@upstash/ratelimit"
   */
  prefix: "@upstash/ratelimit",
});

// Use a constant string to limit all requests with a single ratelimit
// Or use a userID, apiKey or ip address for individual limits.
const identifier = "api";
const { success } = await ratelimit.limit(identifier);

if (!success) {
  return "Unable to process at this time";
}
doExpensiveCalculation();
return "Here you go!";

For Cloudflare Workers and Fastly Compute@Edge, you can use the following imports:

import { Redis } from "@upstash/redis/cloudflare"; // for cloudflare workers and pages
import { Redis } from "@upstash/redis/fastly"; // for fastly compute@edge

In this example, we initialize a Ratelimit with an Upstash Redis. The Uptash Redis instance is created from the environment variables and passed to the Ratelimit instance. Then, we check the access rate using the ratelimit.limit(identifier) method. If the success field is true, we allow the expensive calculation to go through.

For more examples, see the Examples.

Set Environment Variables

Final step is to update the environment variables so that the Ratelimit can communicate with the Upstash Redis. UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN environment variables must be set in order for the Redis.fromEnv() command to work. You can get the values of these environment variables from the Upstash Console by navigating to the page of the Redis instance you created.

An alternative of using the Redis.fromEnv() method is to pass the variables yourself. This can be useful if you save these environment variables with a different name:

new Redis({
  url: 'https://****.upstash.io',
  token: '********',
})

Here is how you can set the environment variables in different cases:

Go to the “Settings” tab in your project. In the menu to the left, click “Environment Variables”. Add UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN environment variables and their values.

Serverless Environments

When we use ratelimit in a serverless environment like CloudFlare Workers or Vercel Edge, we need to be careful about making sure that the rate limiting operations complete correctly before the runtime ends after returning the response.

This is important in two cases where we do some operations in the backgroung asynchronously after limit is called:

  1. Using MultiRegion: synchronize Redis instances in different regions
  2. Enabling analytics: send analytics to Redis

In these cases, we need to wait for these operations to finish before sending the response to the user. Otherwise, the runtime will end and we won’t be able to complete our chores.

In order to wait for these operations to finish, use the pending promise:

const { pending } = await ratelimit.limit("id");
context.waitUntil(pending);

See waitUntil documentation in Cloudflare and Vercel for more details.

Customizing the Ratelimit Algorithm

There are several algorithms we can use for rate limiting. Explore the different rate-limiting algorithms available; how they work, their advantages and disadvantages in the Algorithms page. You can learn about the cost in terms of the number of commands, by referring to the Costs page.

Methods

In our example, we only used the limit method. There are other methods we can use in the Ratelimit. These are:

  • blockUntilReady: Process a request only when the rate-limiting algorithm allows it.
  • resetUsedTokens: Reset the rate limiter state for some identifier.
  • getRemaining: Get the remaining tokens/requests left for some identifier.

To learn more about these methods, refer to the Methods page.

Features

To configure the your Ratelimit according to your needs, you can make use of several features:

Caching

Handle blocked requests without having to call the Redis Database

Timeout

If the Redis call of the ratelimit is not resolved in some timeframe, allow the request by default

Analytics & Dashboard

Collect information on which identifiers made how many requests and how many were blocked.

Multiple Limits

Use different limits for different kinds of requests (example: paid and free users)

Custom Rates

Consume different amounts of tokens in different requests (example: limiting based on request/response size)

Multi Region

Utilize several Redis databases in different regions to serve users faster

For more information about the features, see the Features page.

Was this page helpful?

OverviewMethods