Rate Limiting
Rate limiting lets you control how many requests a single caller can make to your proxy function within a one-minute window. This protects you from accidental overuse, runaway loops in your frontend code, and malicious traffic.
What Rate Limiting Does
When rate limiting is enabled on a proxy, the proxy tracks how many requests have been received in the current minute. Once the limit is reached, any additional requests are rejected with an error response until the window resets.
This helps you:
- Prevent a single user or script from exhausting your monthly invocation quota
- Protect against accidental infinite loops in frontend code
- Guard against basic abuse of your public proxy endpoints
Enabling Rate Limiting
Rate limiting is configured per proxy. You can enable it when creating a proxy or by editing an existing one.
Open the Proxy Form
Navigate to Proxy Functions, find the proxy you want to configure, and click the three-dot menu then Edit. Or start creating a new proxy.
Find the Rate Limiting Section
Scroll down to the Rate Limiting section in the proxy form.
Enable Rate Limiting
Toggle the Enable rate limiting switch to on.
Set the Limit
Enter the maximum number of requests allowed per minute. For example, entering 60 means one request per second on average.
Save
Click Update Proxy (or Create Proxy for a new proxy) to apply the setting.
Rate Limit Headers
When rate limiting is active, every response from the proxy includes headers that tell your frontend the current limit state:
| Header | Description | Example |
|---|---|---|
X-RateLimit-Limit | The maximum requests allowed per minute | 60 |
X-RateLimit-Remaining | Requests remaining in the current window | 45 |
X-RateLimit-Reset | Unix timestamp when the window resets | 1708956120 |
You can read these headers in your frontend code to show quota feedback or throttle requests proactively.
What Happens When the Limit Is Exceeded
When a request arrives after the limit has been reached, the proxy responds with:
- HTTP status:
429 Too Many Requests - Response body:
{ "error": "Rate limit exceeded" } - Retry-After header: The number of seconds until the window resets
Requests that return 429 still count as invocations against your monthly plan quota. Design your frontend to respect rate limits and back off when receiving 429 responses.
Choosing a Limit
A few guidelines for picking the right value:
| Use Case | Suggested Limit |
|---|---|
| Contact form (human-driven) | 5–10 requests/min |
| Chatbot or AI API | 20–30 requests/min |
| General API calls from a web app | 60 requests/min |
| High-volume integrations | 120+ requests/min |
If you are unsure, start conservative and increase the limit if users encounter 429 errors under normal usage.
Disabling Rate Limiting
To remove rate limiting from a proxy, edit the proxy and toggle Enable rate limiting off. Save the proxy. Requests will no longer be limited.