`@fastify/rate-limit`

Limits the number of requests a client can make in a time window.

Since Fastify 5 Spec ↗

Syntax

app.register(rateLimit, { max, timeWindow })

Parameters

Name	Type	Required	Description
`options`	`object`	No	Settings like max, timeWindow, keyGenerator, and store.

Returns

Promise<void> — Resolves when the plugin is registered.

Throws

429 Too Many Requests — Returned automatically when the limit is exceeded.

Examples

import Fastify from 'fastify';
import rateLimit from '@fastify/rate-limit';

const app = Fastify();

await app.register(rateLimit, {
  max: 100,
  timeWindow: '1 minute',
});

app.get('/login', {
  config: { rateLimit: { max: 5, timeWindow: '1 minute' } },
}, async () => ({ ok: true }));

Notes

Global limits are set at registration; per-route overrides go in routeOptions.config.rateLimit. Use a Redis store for limits shared across multiple instances.