
How to Add Rate Limiting to your Flask API in 2 lines of Code

In this tutorial, you will learn how to rate limit requests to your Flask API so that individual users cannot hog your resources.

First, create a simple Flask API

from flask import Flask

app = Flask('app')

@app.route('/')
def hello_world():
  return 'Hello, World!'

app.run(host='0.0.0.0', port=8080)

It has a single endpoint that returns the string Hello, World!. We will limit this endpoint to a maximum of 5 requests per minute.

First, install the library flask_limiter

pip3 install flask_limiter

Next, update your Flask API with these couple of lines (Line #2 and Line #5)

from flask import Flask
from flask_limiter import Limiter, util

app = Flask('app')
limiter = Limiter(key_func=util.get_remote_address, app=app, default_limits=["5 per minute"])

@app.route('/')
def hello_world():
  return 'Hello, World!'

app.run(host='0.0.0.0', port=8080)

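With this configuration, every endpoint is limited to 5 requests per minute by default, counted per client IP address (the key_func); a request over the limit gets an HTTP 429 response. Behind a reverse proxy, get_remote_address sees the proxy's address unless Flask is configured to trust the proxy's forwarding headers, so all clients would share one counter. You can specify different limits in the same string format: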

{number_of_requests} per {time_metric=second||minute||hours||day}

Adding Multiple Rate Limits

When creating an instance of Limiter, you can pass multiple rate limits, as shown below. All of them are enforced together.

limiter = Limiter(key_func=util.get_remote_address,
          app=app,
          default_limits=[
            "5 per minute",
            "50 per hour",
            "200 per day"
          ])

Override the default rate limit or add an additional rate limit to a specific endpoint

@app.route('/customEndpoint1')
@limiter.limit('2 per minute',override_defaults = True)
def custom1():
  return 'This endpoint has a rate-limit of 2 per minute'

The parameter override_defaults is a boolean. If it is set to True, only the limit specified above the endpoint will be enforced. If it is set to False, the limit specified above the endpoint will be added to the default rate limit.

How to not enforce rate limits on specific endpoints

@app.route('/customEndpoint2')
@limiter.exempt
def custom2():
  return 'This endpoint has no rate limit, make as many requests as you want'

Flask API with Rate Limiting

Below is the complete code with 4 endpoints

from flask import Flask
from flask_limiter import Limiter, util

app = Flask('app')
limiter = Limiter(key_func=util.get_remote_address, app=app, default_limits=["5 per minute"])

# Default Rate-Limit 
@app.route('/')
def hello_world():
  return 'Hello, World!'

# Rate Limit of 2 per minute 
@app.route('/customEndpoint1')
@limiter.limit('2 per minute',override_defaults = True)
def custom1():
  return 'This endpoint has a rate-limit of 2 per minute'

# No Rate Limit
@app.route('/customEndpoint2')
@limiter.exempt
def custom2():
  return 'This endpoint has no rate limit, make as many requests as you want'

# Rate Limit of 10 per hour on top of Default Rate Limit
@app.route('/customEndpoint3')
@limiter.limit('10 per hour',override_defaults = False)
def custom3():
  return 'This endpoint has a rate-limit of 10 per hour and 5 per minute'

app.run(host='0.0.0.0', port=8080)

Conclusion

I hope you found this short tutorial helpful. Check out this article if you are interested in learning how to send/receive data in Flask.
