Contact
LoginGet started

Rate protection

Rate Limiting

Restrict traffic to your APIs, limiting consumption and protecting your origin from abuse with flexible, per-proxy rate limits — all without writing a line of code.

Start for Free Read the Docs

Per-Proxy Limits

Apply different rate limits per proxy — configured once in your proxy and enforced everywhere.

Enforcement at the Proxy

Rate-limit decisions are enforced within RequestRocket's serverless infrastructure, before forwarding, so third party applications never exceed your quota.

Notification Alerts

Receive alerts when a rate limit is exceeded. Configure email alerts through our API or dashboard.

Usage Tracking

Custom Metering

Go beyond simple request counting. Attach meters to any proxy to track consumption in real time — either by counting requests or by extracting a numeric value from each API response, such as AI token usage. Meters enforce limits across any combination of time windows (minute, hour, day, month) and can be scoped to specific request patterns using conditional predicates. Run a meter without a limit to observe usage in telemetry before you ever block a request.

Learn more in the docs
Usage Meters
2 active
COUNT
API Requestsrequest_count · per minute
0/ 1,000
minutehourday
VALUE
AI Token Usageresponse_value · per day
0/ 100k
hourdaymonth
Extracted from response.usage.total_tokens

Traffic Control

Flexible Rate-Limits

Choose the right enforcement model for your API. Apply a counter-based rate limit that increments by one for every matching request, or a value-based limit that accumulates a numeric figure extracted from the response body or a header — ideal for enforcing token budgets, data-transfer caps, or any usage-unit your upstream API exposes. Limits can span any window from per-minute to per-month.

Learn more in the docs
Live Rate Limit
LIVE

Traffic Control

API Configuration

Configure a rate through our API or dashboard. RequestRocket is a programmable API platform, so you can configure your rate limits within your own code.

Learn more in the docs
rules.json
{
  "proxyName": "My API",
  "proxyRegion": "{{Region / Deployment}}",
  "clientId": "{{clientId}}",
  "userId": "{{userId}}",
  "parentId": "{{parentId}}",
  "proxyProxyCredentialId": "{{ProxyCredentialId}}",
  "proxyTargetCredentialId": "{{TargetCredentialId}}",
  "proxyTargetId": "{{TargetId}}",
  "proxyAdditionalHeaders": {
    "TargetId": "123454"
  },
  "proxyAdditionalQueryParams": null,
  "proxyAdditionalData": null,
  "proxyMaxRequestsPerMinute": 100,
  "proxyMaxRequestsPerDay": 1000,
  "proxyMaxBackoff": 10,
  "proxyMaxRetryCount": 3,
  "proxyActive": true
}

Traffic Control

Enforcement in Region

Limits are enforced at the proxy in each region into which you deploy. Decisions happen after authentication and before any request is forwarded to your APIs.

Learn more in the docs
Edge Locations
Enforcing
130+Availability Zones
< 2msDecision Latency
100%Data Sovereignty

More RequestRocket Features

One platform, every API control

AuthenticationDrop-in API auth in minutes
AuthorizationDeclarative access control
Rate LimitingYou're here
Data RedactionMask PII before it leaks
ObservabilitySee every call, stream anywhere
Developer APIsAutomate everything via REST
Not sure where your API risk is?Free 15-question assessment aligned to OWASP, SOC 2 & ISO 27001.
Take the API Security Assessment

FAQ

Frequently Asked Questions

Enhance ISO 27001
Enhance SOC 2
Enhance GDPR
Enhance HIPAA

Add outbound API security
without changing code

Start on your own or talk to our team about improving the security of every API call you make.

Start for Free Book a Demo