The 0: Why?
Hey lads, as you might know, with the rise of online users and SaaS emerging, it is important to implement authentication in your application to prevent users from misusing or depleting your resources and stopping your services from working.
Authentication comes in many forms, and one of the most widely used and safest is OTP-based authentication, which works by sending the user an OTP (One Time Password) which they can use to log in to your website, perform password resets, and so on.
But what if someone misuses your authentication to spam OTPs and bring down your SMTP server?
This is where rate limiting comes into the picture. Unkey is one of the easiest ways to implement it and safeguard your API routes.
The 0.5: Unkey's entry
Unkey, as they say:
Redefined API management for developers. Quickly add API keys, rate limiting, and usage analytics to your API at any scale.
PS: it is open-source
The 1.0: My project and Unkey's Rate Limiting
Recently I made an entire authentication backend (can be found here) which provides plug-and-play functionality, with features like sign-in/up, password resets, verification mails as well as welcome mails.
I was looking for a solution to rate-limit my endpoints since I'm using the free tier of Mailtrap to send emails. While researching, I came across Unkey's Rate Limiting feature (docs here) and was amazed by how easy it was to implement in my pre-existing project.
Here's how I did it, and how you can do it too!
Implementing Rate Limiting using Unkey:
I have two routes that I want to rate-limit which are as follows:
- Sign-up (without Unkey): As shown below, I am sending an OTP to verify the user on sign-up.
- Password Reset Email (without Unkey): If a user forgets or decides to reset their password, I have a separate route.
Before starting with Unkey, don't forget to install their package, which supports TypeScript, by running:
npm install @unkey/ratelimit
Create a root key from https://app.unkey.com/settings/root-keys/new with the following permissions:
And don't forget to copy your key to .env, since it will only be shown once.
Unkey requires you to define a rate limit config, which helps you fine-tune rate limiting rules and definitions.
Here is the config I am using:
And that was the hardest part, yes really! Unkey is this easy.
Now you can rate limit any of your APIs with whichever identifier you want. Here's how I used it to rate limit users based on their emails to prevent them from flooding my SMTP server.
- Sign-in with Rate Limiting from Unkey:
- Reset Password mail with Rate Limiting from Unkey:
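To make the identifier-based check concrete, here is an added example (not code from the original post or from Unkey) of the same pattern the two routes above use: a limiter keyed by the requester's e-mail, and a mail handler that refuses with 429 and a Retry-After value before any message reaches the SMTP server. It assumes the Unkey client (`new Ratelimit({ rootKey, namespace, limit, duration })` from `@unkey/ratelimit`, whose `limit(identifier)` resolves to `{ success, remaining, reset }`, as I recall from the docs) matches the `Limiter` interface, so it can replace the in-memory `MemoryLimiter` used here to keep the example runnable offline.

```typescript
// Added example, not from the original post. Shape of LimitResult/WindowConfig
// assumed to mirror @unkey/ratelimit's Ratelimit client; the in-memory limiter
// is a stand-in so the handler logic can run without a root key.
interface LimitResult { success: boolean; remaining: number; reset: number }
interface Limiter { limit(identifier: string): Promise<LimitResult> }
interface WindowConfig { namespace: string; limit: number; duration: number } // duration in ms

// Fixed-window counter per (namespace, identifier). `now` is injectable for tests.
class MemoryLimiter implements Limiter {
  private windows = new Map<string, { count: number; resetAt: number }>();
  constructor(private cfg: WindowConfig, private now: () => number = Date.now) {}

  async limit(identifier: string): Promise<LimitResult> {
    // Normalise the e-mail so "A@Example.com" and "a@example.com" share one bucket.
    const key = `${this.cfg.namespace}:${identifier.trim().toLowerCase()}`;
    const t = this.now();
    let w = this.windows.get(key);
    if (!w || t >= w.resetAt) {
      w = { count: 0, resetAt: t + this.cfg.duration };
      this.windows.set(key, w);
    }
    w.count += 1;
    return {
      success: w.count <= this.cfg.limit,
      remaining: Math.max(0, this.cfg.limit - w.count),
      reset: w.resetAt,
    };
  }
}

// Shared handler for the OTP and password-reset mail routes: the limit is checked
// before `send` is called, so an exhausted identifier never costs an SMTP message.
async function requestMail(
  limiter: Limiter,
  email: string,
  send: (to: string) => Promise<void>,
  now: () => number = Date.now,
): Promise<{ status: number; retryAfterSec?: number }> {
  const r = await limiter.limit(email);
  if (!r.success) {
    return { status: 429, retryAfterSec: Math.ceil((r.reset - now()) / 1000) };
  }
  await send(email);
  return { status: 200 };
}

// Constructed config: at most 3 mails per address per minute.
const otpLimiter = new MemoryLimiter({ namespace: "otp.email", limit: 3, duration: 60_000 });
```

In the real routes, `otpLimiter` would be the Unkey `Ratelimit` instance built from the config shown earlier, and `retryAfterSec` would be sent as the `Retry-After` header.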
Rate Limiting in Action:
Here I am testing my backend using Postman to check whether the rate limiting is working:
Analytics
You know what is even better? Unkey also gave me analytics, which I can view on their dashboard after creating the key.
The 2.0: Conclusion
Unkey is one of, if not the, best ways to protect and rate limit your APIs, and what's better is that it is open-source compared to other services; their source code can be found here.
I would highly recommend this to anyone looking to safeguard their APIs without much hassle and with full transparency.