X-api-key rate limiting

As also stated in this Cloudflare blog post Introducing Advanced Rate Limiting (Introducing Advanced Rate Limiting) simple IP based rate limiting is often not sufficient, especially not for API’s.

The Advanced Rate Limiting is only for Enterprise+ customers and contains a lot of options.

I’m considering using Cloudflare Pages/Workers for exposing a REST API using Astro build but it needs rate limiting.

Nothing advanced, simply based on x-api-key header x requests per x period.

As this is not available for Pro users I wonder

  1. Is Cloudflare considering offering these kind of features to Pro users in the future?
  2. How are other users implementing this currently? Some 3th party library that can be advised?
  1. No telling if Cloudflare is planning on trickling down that feature to lower plans. They don’t say much about product roadmaps.

  2. The only other Cloudflare option would be a Worker. Here’s what ChatGPT-4 came up with:
    Rate Limiting Worker - Pastebin.com

2 Likes

Thx for the reply @sdayman

Indeed, I was also thinking about storing counters in KV.
I will check if there is some lib that can do the “heavy” lifting… I used bucket4j (Java) and that works really nice.

1 Like