Rate Limiting
Protect your API from abuse even with payments enabled.
import { RateLimiter } from '@vanta/middleware'
// Fixed-window limiter: at most `max` requests per `window` seconds for each
// bucket, where the bucket is chosen by `key`.
const limiter = new RateLimiter({
  max: 100, // requests allowed per window
  window: 60, // window length, in seconds
  key: (req) => {
    // Bucket by the API key header when one is sent, otherwise by client IP.
    // NOTE(review): the x-api-key header is read straight from the request and
    // nothing in this snippet validates it. A caller that sends a new value on
    // each request gets a fresh bucket each time, so mount the limiter after
    // API-key validation, or only bucket by keys that are known to exist.
    // NOTE(review): behind a reverse proxy, req.ip is only the real client
    // address if the framework's proxy trust is configured correctly (in
    // Express, the `trust proxy` setting) - confirm for your deployment.
    const apiKey = req.headers['x-api-key'];
    return apiKey || req.ip;
  },
});
app.use('/api', limiter.middleware())

Usage Quotas
import { QuotaManager } from '@vanta/middleware'
// Defaults applied by the quota manager: the price of one usage unit and the
// number of units a key starts with.
const quotaDefaults = {
  pricePerUnit: '0.0001',
  initialUnits: 10000,
};

// Quota state is kept in the supplied Redis client.
const quotas = new QuotaManager({
  storage: redisClient,
  defaults: quotaDefaults,
});

// Check the remaining quota before doing any billable work.
// NOTE(review): this check and the deduct() call made after processing are two
// separate steps. Requests arriving concurrently for the same apiKey can all
// pass the check before any of them deducts, and actualUsage may turn out
// larger than estimatedUsage, so a balance can be overdrawn. This page does not
// show whether QuotaManager guards against that - confirm, or reserve the
// estimate up front / serialize work per key.
// NOTE(review): apiKey should be the validated key, not a raw header value.
const hasQuota = await quotas.check(apiKey, estimatedUsage);
if (!hasQuota) {
  // Respond with 402 so the client can buy more credits, and stop here:
  // falling through would run the request without quota to cover it.
}
await quotas.deduct(apiKey, actualUsage)

Tiered Rate Limits
// Per-tier limits: `max` requests per `window` seconds, selected per request
// by `getTier`.
const limiter = new RateLimiter({
  tiers: {
    free: { max: 10, window: 60 },
    basic: { max: 100, window: 60 },
    premium: { max: 1000, window: 60 },
  },
  getTier: (req) => {
    // Requests without a tier claim fall back to 'free', the lowest limit,
    // so a missing or absent claim never grants a higher tier.
    // NOTE(review): the tier is only as trustworthy as req.vanta.claims.
    // Presumably an earlier middleware fills it from a verified token - confirm
    // the limiter is mounted after that step and that claims are never copied
    // from unverified request data, otherwise a client could pick its own tier.
    // NOTE(review): what happens for a tier name missing from `tiers`, and
    // which key buckets are counted by when no `key` option is given, is not
    // shown on this page - confirm both.
    const claimedTier = req.vanta?.claims?.tier;
    return claimedTier || 'free';
  },
});