Skip to content

Rate limiting

This page explains how to apply rate limiting to APIs.


In the realm of API management, rate limiting is one of the fundamental aspects of managing traffic to your APIs.

API-level rate limiting can help with API overuse and ensures that the overall rate limit isn't exceeded.

API-level rate limiting

Behind the scenes, Traefik Hub uses the Token Bucket algorithm to rate limit requests.

The token bucket algorithm is used to define the number of requests that can be served simultaneously.

For example, if you define a limit of 100, it means that it is possible to serve 100 requests at once.

Users spend one token for each request and after the request the token will be removed from the bucket. At the same time, it fills the bucket with new tokens at a constant rate and while there is free space in it.

If users spend tokens faster than they're refilled and the bucket is empty, requests will be rejected till new tokens are added to it.

You can configure the refilling period of a bucket in seconds, minutes or hours.

For example, if you set the period to 1m (one minute) your bucket will be refilled with new tokens every minute.

Field Description
limit The number of tokens in a bucket.
period The time period (speed) at which the tokens are added into the bucket.
Time period can be seconds, minutes or hours (s/m/h). Default value is one second.

CRD example

kind: APIRateLimit
  name: my-rate-limit

  # Rate limit configuration, this config allows 100 requests/minute.
  limit: 100 # 100 requests
  period: 1m # One minute

    - support

      module: crm

You must configure either anyGroups or groups for rate limiting.

Without setting one of them, rate limiting will not be applied.

In Traefik Hub groups are used to configure permissions.

What's next