Zuplo
Traffic Control

Rate Limiting

Protect your APIs from abuse and ensure fair usage with flexible, programmable rate limiting that works at the edge.

Per-User Limits

Apply rate limits per API key, per user, or per endpoint — with a single click or full TypeScript customization.

Edge Performance

Rate limiting decisions are made at the edge, not at your origin, keeping your backend protected and fast.

Dynamic Tiers

Store tier information in API key metadata and apply different limits to free vs. paid customers automatically.

Flexible Rate Limit Policies

Configure rate limits per API, per route, per user, or per API key with simple JSON configuration. No cURL commands or complex DSLs required.

Programmable Rate Limiting

Use TypeScript to implement custom rate limiting logic — different limits per customer tier, dynamic burst allowances, or business-rule-based throttling.

Distributed Rate Limiting at the Edge

Zuplo's rate limiting is distributed across 300+ edge locations, providing accurate enforcement globally without a central database bottleneck.

Frequently Asked Questions

Common questions about Rate Limiting.

What rate limiting algorithms does Zuplo support?

Zuplo supports fixed window, sliding window, and token bucket rate limiting algorithms. You can choose the algorithm that best fits your use case.

Can I apply different rate limits to different customers?

Yes. Store tier information in API key metadata (e.g., 'plan': 'premium') and use TypeScript policies to apply different limits based on that metadata.

How does rate limiting work at the edge?

Zuplo replicates rate limit counters to the edge, allowing decisions to be made locally without a round-trip to a central database. This means sub-millisecond rate limit checks globally.

Can I rate limit by IP address?

Yes. Zuplo can rate limit by IP address, API key, user ID, or any custom identifier extracted from the request. Multiple strategies can be combined.

What happens when a rate limit is exceeded?

Zuplo returns a 429 Too Many Requests response with Retry-After headers. The response body and headers are fully customizable via TypeScript policies.
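
The tier-from-metadata lookup and the 429 with Retry-After described in the answers above, sketched as a self-contained token bucket. This is an added example, not Zuplo's code or API: `TieredTokenBucket`, `ApiKeyMetadata`, the tier values and the in-memory map are assumptions made for illustration.

```typescript
// Added example: every name here is hypothetical; this is not Zuplo's API.
interface ApiKeyMetadata { plan?: string }   // mirrors the page's 'plan': 'premium' metadata
interface TierLimit { capacity: number; refillPerSec: number }
interface Bucket { tokens: number; updatedMs: number }
interface Decision { status: 200 | 429; headers: Record<string, string> }

// Constructed tier values. A Map (not an object literal) so that a plan
// string such as "constructor" cannot resolve to an inherited property.
const FREE: TierLimit = { capacity: 2, refillPerSec: 1 };
const TIER_LIMITS = new Map<string, TierLimit>([
  ["free", FREE],
  ["premium", { capacity: 5, refillPerSec: 5 }],
]);

class TieredTokenBucket {
  private buckets = new Map<string, Bucket>();

  // meta must come from the server-side key store, never from a request
  // header the caller controls. nowMs is injected to keep checks deterministic.
  check(apiKey: string, meta: ApiKeyMetadata, nowMs: number): Decision {
    // Missing or unknown plan falls back to the most restrictive tier.
    const tier = TIER_LIMITS.get(meta.plan ?? "") ?? FREE;
    const b = this.buckets.get(apiKey) ?? { tokens: tier.capacity, updatedMs: nowMs };

    // Refill for elapsed time, capped at capacity; a clock that moves
    // backwards earns no tokens.
    const elapsedSec = Math.max(0, nowMs - b.updatedMs) / 1000;
    b.tokens = Math.min(tier.capacity, b.tokens + elapsedSec * tier.refillPerSec);
    b.updatedMs = Math.max(b.updatedMs, nowMs);
    this.buckets.set(apiKey, b);

    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { status: 200, headers: {} };
    }
    // Whole seconds until one token is available, rounded up.
    const retryAfter = Math.ceil((1 - b.tokens) / tier.refillPerSec);
    return { status: 429, headers: { "Retry-After": String(retryAfter) } };
  }
}
```

The bucket is keyed on the API key itself, so changing a customer's plan changes the limit on the next check without resetting the tokens already consumed.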
