How to Implement Rate Limiting in FastAPI with SlowAPI
This tutorial explains how to add request rate limiting to a FastAPI application using the SlowAPI library, covering both IP‑based limits and custom token‑based strategies, with installation steps, code examples, and best‑practice recommendations.
In this article I will show you how to implement request rate limiting in FastAPI.
Module Introduction
We will use SlowAPI , a library that enables rate limiting in FastAPI applications. It helps developers restrict how often clients can call the API, protecting server resources and improving stability. SlowAPI supports IP‑based or custom variable (e.g., token) rate‑limit strategies.
For IP‑based limiting, SlowAPI uses the client’s IP address as the identifier, limiting each IP’s request count within a time window. For token‑ or variable‑based limiting, developers can provide a custom function (e.g., get_token ) to extract information from request headers such as Authorization and use that as the limiting key.
Install SlowAPI with:
<code>pip install slowapi</code>Combined with FastAPI, we can implement two types of rate limiting:
IP‑based rate limiting
Token or variable‑based rate limiting
Specific Implementation
IP‑Based Rate Limiting
This is the default method of SlowAPI.
<code>from fastapi import FastAPI
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
limiter = Limiter(key_func=get_remote_address)
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
@app.get("/home")
@limiter.limit("5/minute")
async def homepage(request: Request):
return PlainTextResponse("test")
@app.get("/mars")
@limiter.limit("5/minute")
async def mars_endpoint(request: Request, response: Response):
return {"key": "value"}
</code>Token or Variable‑Based Rate Limiting
If you prefer to use a custom variable instead of the default IP address, you can define your own key function.
<code>from slowapi import Limiter, _rate_limit_exceeded_handler
from starlette.requests import Request
from slowapi.errors import RateLimitExceeded
def get_token(request: Request) -> str:
"""Return token from request headers"""
token = request.headers.get("Authorization")
if not token:
return "127.0.0.1"
return token
limiter = Limiter(key_func=get_token)
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
@app.get("/home")
@limiter.limit("5/minute")
async def homepage(request: Request):
return PlainTextResponse("test")
@app.get("/mars")
@limiter.limit("5/minute")
async def mars_endpoint(request: Request, response: Response):
return {"key": "value"}
</code>Conclusion
We have detailed how to use SlowAPI to implement request rate limiting in FastAPI, whether through simple IP‑based limits or more complex token/variable strategies. Proper configuration protects server resources from abuse and enhances overall stability and user experience.
Hope this guide helps you quickly get started with SlowAPI and apply rate limiting in real projects. For further questions or extensions, refer to the official SlowAPI documentation and community resources. Remember, safeguarding server resources is a key responsibility for every developer, and rate limiting is a crucial tool to achieve that.
Code Mala Tang
Read source code together, write articles together, and enjoy spicy hot pot together.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.