The Sailscasts Blog

← Back to blog

Rate limiting in Sails

Kelvin Omereshone

I recently had to implement rate limiting on the Conference API - a Sailscasts community project.

The whole idea of rate limiting is to limit the number of requests coming to a particular API in a certain time window.

The Conference API is written with Sails.js and when researching on how to implement rate limiting, I stumbled on the express-rate-limit package which handles rate limiting for Express and since Sails is based on Express, I saw an opportunity to wrap this package in a Sails hook to fine-tune the experience of using the package for Sails developers.


The result of that fine-tuning is sails-hook-rate-limit. This hook simplifies setting up rate limiting in a Sails application by wrapping the express-rate-limit package thereby providing a nicer DX for setting up rate limiting in Sails.


To use this hook in your Sails project, run the below command in your terminal

npm i sails-hook-rate-limit --save

And that’s all you need to setup rate limiting in your Sails API!


By default, sails-hook-rate-limit set some basic configs that you may or may not want to override.

For example, it sets the windowMs to 10 minutes, the max request per window to 100, set express-rate-limit to use standard headers i.e RateLimit-* and disables legacy headers i.e X-RateLimit-*

To override these values and more config options, create config/rate-limit.js and export a rateLimit object like so:

module.exports.rateLimit = {
  // config goes here

In this config object you can pass in any configuration property that express-rate-limit expects. See the configuration docs of express-rate-limit for those properties.

For example let’s say I want to override the default 10 minutes window to 20 minutes, I will pass the following to config/rate-limit.js object.

module.exports.rateLimit = {
  windowMs: 20 * 60 * 1000 // 20 minutes


Rate limiting is frequently used to control the frequency of requests to an API and in this article we covered how to set up rate limiting in your Sails APIs by using the sails-hook-rate-limit Sails hook.